From 1a195570c8218e9305d43e90fbb84f4984009c46 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Mon, 11 Jul 2022 19:57:42 -0400
Subject: [PATCH] sshd: disable unused agent forwarding feature

This is a misguided feature and while this doesn't meaningfully reduce
attack surface, it makes sense not to enable it.
---
 sshd_config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sshd_config b/sshd_config
index 58d379e..0537b92 100644
--- a/sshd_config
+++ b/sshd_config
@@ -86,7 +86,7 @@ KbdInteractiveAuthentication no
 # and KbdInteractiveAuthentication to 'no'.
 UsePAM yes
 
-#AllowAgentForwarding yes
+AllowAgentForwarding no
 #AllowTcpForwarding yes
 #GatewayPorts no
 #X11Forwarding no