mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-06 16:30:39 +07:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'github-kicksecure/master'

Browse Source
This commit is contained in:
Patrick Schleizer
2025-05-28 07:22:16 -04:00
parent e966774862 5a10ad031d
commit eda1d0aef6
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
usr/lib/permission-hardener.d/25_default_whitelist_ssh.conf
View File

@ -5,11 +5,17 @@
## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom ## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom
## configuration. When security-misc is updated, this file may be overwritten. ## configuration. When security-misc is updated, this file may be overwritten.
## Used for SSH client key management
## https://manpages.debian.org/bookworm/openssh-client/ssh-agent.1.en.html
## Debian installs ssh-agent with setgid permissions (2755) and with
## _ssh as the group to help mitigate ptrace attacks that could extract
## private keys from the agent's memory.
ssh-agent matchwhitelist
## Used only for SSH host-based authentication ## Used only for SSH host-based authentication
## https://linux.die.net/man/8/ssh-keysign ## https://linux.die.net/man/8/ssh-keysign
## Needed to allow access to the machine's host key for use in the ## Needed to allow access to the machine's host key for use in the
## authentication process. This is a non-default method of authenticating to ## authentication process. This is a non-default method of authenticating to
## SSH, and is likely rarely used, thus this should be safe to disable. ## SSH, and is likely rarely used, thus this should be safe to disable.
#ssh-agent matchwhitelist
#ssh-keysign matchwhitelist #ssh-keysign matchwhitelist
#/usr/lib/openssh matchwhitelist #/usr/lib/openssh matchwhitelist