diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-01-09 21:43:57 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-01-27 18:18:39 -0300 |
commit | 3849e1201d4e076af4039a1400e05be2006630e5 (patch) | |
tree | 98610edaea479f29b383e87448761d9641c927c4 /etc/profile-m-z/ssh.profile | |
parent | etc: add allow-ssh.inc (diff) | |
download | firejail-3849e1201d4e076af4039a1400e05be2006630e5.tar.gz firejail-3849e1201d4e076af4039a1400e05be2006630e5.tar.zst firejail-3849e1201d4e076af4039a1400e05be2006630e5.zip |
allow-ssh.inc: allow /etc/ssh/ssh_config
This is the system-wide equivalent of ~/.ssh/config.
$ pacman -Q openssh
openssh 8.4p1-2
Reasons for blacklisting both /etc/ssh and /etc/ssh/* on
disable-common.inc:
Leave /etc/ssh that way so that profiles without allow-ssh.inc remain
unable to see inside of /etc/ssh. And blacklist /etc/ssh/* so that
profiles with allow-ssh.inc are able to access only nonblacklisted files
inside of /etc/ssh.
Diffstat (limited to 'etc/profile-m-z/ssh.profile')
-rw-r--r-- | etc/profile-m-z/ssh.profile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index efdf63976..eb7bc3ec5 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile | |||
@@ -7,7 +7,7 @@ include ssh.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist /etc/ssh | 10 | noblacklist /etc/ssh/* |
11 | noblacklist /tmp/ssh-* | 11 | noblacklist /tmp/ssh-* |
12 | # nc can be used as ProxyCommand, e.g. when using tor | 12 | # nc can be used as ProxyCommand, e.g. when using tor |
13 | noblacklist ${PATH}/nc | 13 | noblacklist ${PATH}/nc |