Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-26 12:06:19 -05:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' into arraybolt3/trixie

Browse source
This commit is contained in:
Aaron Rainbolt 2025-08-21 20:09:48 -05:00
commit 53e930b4cc
No known key found for this signature in database
GPG key ID: A709160D73C79109
8 changed files with 27 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

4
usr/lib/permission-hardener.d/25_default_whitelist_ssh.conf
View file

@ -6,14 +6,14 @@
## configuration. When security-misc is updated, this file may be overwritten.
## Used for SSH client key management
## https://manpages.debian.org/trixie/openssh-client/ssh-agent.1.en.html
## https://manpages.debian.org/ssh-agent
## Debian installs ssh-agent with setgid permissions (2755) and with
## _ssh as the group to help mitigate ptrace attacks that could extract
## private keys from the agent's memory.
ssh-agent matchwhitelist
## Used only for SSH host-based authentication
## https://linux.die.net/man/8/ssh-keysign
## https://manpages.debian.org/ssh-keysign
## Needed to allow access to the machine's host key for use in the
## authentication process. This is a non-default method of authenticating to
## SSH, and is likely rarely used, thus this should be safe to disable.