From 3849e1201d4e076af4039a1400e05be2006630e5 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 9 Jan 2021 21:43:57 -0300 Subject: allow-ssh.inc: allow /etc/ssh/ssh_config This is the system-wide equivalent of ~/.ssh/config. $ pacman -Q openssh openssh 8.4p1-2 Reasons for blacklisting both /etc/ssh and /etc/ssh/* on disable-common.inc: Leave /etc/ssh that way so that profiles without allow-ssh.inc remain unable to see inside of /etc/ssh. And blacklist /etc/ssh/* so that profiles with allow-ssh.inc are able to access only nonblacklisted files inside of /etc/ssh. --- etc/inc/disable-common.inc | 1 + 1 file changed, 1 insertion(+) (limited to 'etc/inc/disable-common.inc') diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index eeafe3ec4..e1c930b43 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc @@ -396,6 +396,7 @@ blacklist /etc/shadow blacklist /etc/shadow+ blacklist /etc/shadow- blacklist /etc/ssh +blacklist /etc/ssh/* blacklist /home/.ecryptfs blacklist /home/.fscrypt blacklist /var/backup -- cgit v1.2.3-54-g00ecf
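Review bot: the added `blacklist /etc/ssh/*` sits directly under `blacklist /etc/ssh` in etc/inc/disable-common.inc with no comment, so the pair reads as redundant and a later cleanup could drop one of the two lines. The reason for keeping both is stated only in the commit message: the directory entry keeps profiles without allow-ssh.inc from seeing inside /etc/ssh, and the glob entry limits profiles with allow-ssh.inc to the files that are explicitly un-blacklisted. Please put a short comment above the two lines in the file saying that. This view is limited to disable-common.inc, so the allow-ssh.inc side named in the subject is not visible here. It is worth confirming there that only /etc/ssh/ssh_config is allowed and that host keys and sshd_config stay covered by the new glob.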