system/openssh: add agent-forwarding to list of insecure defaults to change

author: A. Wilcox <AWilcox@Wilcox-Tech.com> 2019-04-12 18:38:14 +0000
committer: A. Wilcox <AWilcox@Wilcox-Tech.com> 2019-04-12 18:38:14 +0000
commit: eebc569a2b303691e1d52f2672896a0d4015972b (patch)
tree: b7498dfd3267f99d4033c72d2e758563aa80ac5f /system/openssh/disable-forwarding-by-default.patch
parent: cfc995507eeee6456c2fcd8315fd1df8e1c8c984 (diff)
download: packages-eebc569a2b303691e1d52f2672896a0d4015972b.tar.gz
packages-eebc569a2b303691e1d52f2672896a0d4015972b.tar.bz2
packages-eebc569a2b303691e1d52f2672896a0d4015972b.tar.xz
packages-eebc569a2b303691e1d52f2672896a0d4015972b.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/system/openssh/disable-forwarding-by-default.patch b/system/openssh/disable-forwarding-by-default.patch
index 9d27926d9..dbd9205ea 100644
--- a/system/openssh/disable-forwarding-by-default.patch
+++ b/system/openssh/disable-forwarding-by-default.patch
@@ -3,11 +3,12 @@
 @@ -82,9 +82,10 @@
  #UsePAM no
  
- #AllowAgentForwarding yes
+-#AllowAgentForwarding yes
 -#AllowTcpForwarding yes
 -#GatewayPorts no
 -#X11Forwarding no
 +# Feel free to re-enable these if your use case requires them.
++AllowAgentForwarding no
 +AllowTcpForwarding no
 +GatewayPorts no
 +X11Forwarding no
author	A. Wilcox <AWilcox@Wilcox-Tech.com>	2019-04-12 18:38:14 +0000
committer	A. Wilcox <AWilcox@Wilcox-Tech.com>	2019-04-12 18:38:14 +0000
commit	eebc569a2b303691e1d52f2672896a0d4015972b (patch)
tree	b7498dfd3267f99d4033c72d2e758563aa80ac5f /system/openssh/disable-forwarding-by-default.patch
parent	cfc995507eeee6456c2fcd8315fd1df8e1c8c984 (diff)
download	packages-eebc569a2b303691e1d52f2672896a0d4015972b.tar.gz packages-eebc569a2b303691e1d52f2672896a0d4015972b.tar.bz2 packages-eebc569a2b303691e1d52f2672896a0d4015972b.tar.xz packages-eebc569a2b303691e1d52f2672896a0d4015972b.zip