Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-27 16:40:53 -05:00
Code Issues Projects Releases Packages Wiki Activity

comments

Browse source
This commit is contained in:
Patrick Schleizer 2025-08-20 09:46:43 -04:00
parent f77c71dd15
commit 5d67277c9f
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
usr/lib/permission-hardener.d/25_default_whitelist_ssh.conf
View file

@ -6,14 +6,14 @@
## configuration. When security-misc is updated, this file may be overwritten. ## configuration. When security-misc is updated, this file may be overwritten.
## Used for SSH client key management ## Used for SSH client key management
## https://manpages.debian.org/trixie/openssh-client/ssh-agent.1.en.html ## https://manpages.debian.org/ssh-agent
## Debian installs ssh-agent with setgid permissions (2755) and with ## Debian installs ssh-agent with setgid permissions (2755) and with
## _ssh as the group to help mitigate ptrace attacks that could extract ## _ssh as the group to help mitigate ptrace attacks that could extract
## private keys from the agent's memory. ## private keys from the agent's memory.
ssh-agent matchwhitelist ssh-agent matchwhitelist
## Used only for SSH host-based authentication ## Used only for SSH host-based authentication
## https://linux.die.net/man/8/ssh-keysign ## https://manpages.debian.org/ssh-keysign
## Needed to allow access to the machine's host key for use in the ## Needed to allow access to the machine's host key for use in the
## authentication process. This is a non-default method of authenticating to ## authentication process. This is a non-default method of authenticating to
## SSH, and is likely rarely used, thus this should be safe to disable. ## SSH, and is likely rarely used, thus this should be safe to disable.