diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-01-10 14:29:14 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-01-27 18:18:39 -0300 |
commit | f8df786908bb9e4c8a5ec6b65e4a7b0b178954e1 (patch) | |
tree | fc67cd9073f5f3ef7b7ba3944fb1c75e93dcb260 /etc/inc/allow-ruby.inc | |
parent | allow-ssh.inc: allow /etc/ssh/ssh_config (diff) | |
download | firejail-f8df786908bb9e4c8a5ec6b65e4a7b0b178954e1.tar.gz firejail-f8df786908bb9e4c8a5ec6b65e4a7b0b178954e1.tar.zst firejail-f8df786908bb9e4c8a5ec6b65e4a7b0b178954e1.zip |
ssh: deny access to the rest of /etc/ssh/*
ssh_config (allowed on allow-ssh.inc) is the only file in /etc/ssh that
is used by ssh(1). The other paths are only used by sshd(8), so stop
allowing them on ssh.profile and ssh-agent.profile. Path examples from
sshd(8):
* /etc/ssh/moduli
* /etc/ssh/ssh_host_ecdsa_key
* /etc/ssh/ssh_host_ecdsa_key.pub
* /etc/ssh/ssh_known_hosts
* /etc/ssh/sshd_config
* /etc/ssh/sshrc
$ pacman -Q openssh
openssh 8.4p1-2
Diffstat (limited to 'etc/inc/allow-ruby.inc')
0 files changed, 0 insertions, 0 deletions