From 64c8c7a8d5a42d2e3da9ce243bc708d1bcbe6039 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@whonix.org>
Date: Mon, 6 Nov 2023 16:47:31 -0500
Subject: [PATCH] whitelist SSH

---
 .../25_default_whitelist_ssh.conf                     | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 etc/permission-hardening.d/25_default_whitelist_ssh.conf

diff --git a/etc/permission-hardening.d/25_default_whitelist_ssh.conf b/etc/permission-hardening.d/25_default_whitelist_ssh.conf
new file mode 100644
index 0000000..678b2f6
--- /dev/null
+++ b/etc/permission-hardening.d/25_default_whitelist_ssh.conf
@@ -0,0 +1,11 @@
+## Copyright (C) 2023 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
+## See the file COPYING for copying conditions.
+
+## Please use "/etc/permission-hardening.d/20_user.conf" or
+## "/usr/local/etc/permission-hardening.d/20_user.conf" for your custom
+## configuration. When security-misc is updated, this file may be overwritten.
+
+## TODO: research
+ssh-agent matchwhitelist
+ssh-keysign matchwhitelist
+/lib/openssh matchwhitelist