From 2552843d964162f7ba105775c05a231d9cdd4ae8 Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Sun, 29 Jul 2018 03:13:39 -0500
Subject: system/openssh: disable TCP forwarding by default

---
 system/openssh/disable-forwarding-by-default.patch | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 system/openssh/disable-forwarding-by-default.patch

(limited to 'system/openssh/disable-forwarding-by-default.patch')

diff --git a/system/openssh/disable-forwarding-by-default.patch b/system/openssh/disable-forwarding-by-default.patch
new file mode 100644
index 000000000..9d27926d9
--- /dev/null
+++ b/system/openssh/disable-forwarding-by-default.patch
@@ -0,0 +1,16 @@
+--- openssh-7.7p1/sshd_config.old	2018-04-02 00:38:28.000000000 -0500
++++ openssh-7.7p1/sshd_config	2018-07-29 03:08:16.340000000 -0500
+@@ -82,9 +82,10 @@
+ #UsePAM no
+ 
+ #AllowAgentForwarding yes
+-#AllowTcpForwarding yes
+-#GatewayPorts no
+-#X11Forwarding no
++# Feel free to re-enable these if your use case requires them.
++AllowTcpForwarding no
++GatewayPorts no
++X11Forwarding no
+ #X11DisplayOffset 10
+ #X11UseLocalhost yes
+ #PermitTTY yes
-- 
cgit v1.2.3-60-g2f50