author: Natanael Copa <ncopa@alpinelinux.org> 2018-07-29 15:44:38 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2018-07-30 05:20:27 +0000
commit: 495bbd7fb1f07c23a1f2d47a071aa5519e08744c
tree: 949aa29760418622d5de66868686194059578016 /main/openssh/disable-forwarding-by-default.patch
parent: 3ab6178f9b24fa30f5922af151a4e4df6ac033c5
main/openssh: disable tcp forwarding in default config
Having TCP forward enabled by default may make it easier for attackers who have gained control due to badly configured passwords. So we keep things disabled by default and users can enable when they need it.
Diffstat (limited to 'main/openssh/disable-forwarding-by-default.patch')
-rw-r--r-- main/openssh/disable-forwarding-by-default.patch | 16
1 files changed, 16 insertions, 0 deletions
diff --git a/main/openssh/disable-forwarding-by-default.patch b/main/openssh/disable-forwarding-by-default.patch
new file mode 100644
index 0000000000..9d27926d9d
--- /dev/null
+++ b/main/openssh/disable-forwarding-by-default.patch
@@ -0,0 +1,16 @@
+--- openssh-7.7p1/sshd_config.old 2018-04-02 00:38:28.000000000 -0500
++++ openssh-7.7p1/sshd_config 2018-07-29 03:08:16.340000000 -0500
+@@ -82,9 +82,10 @@
+ #UsePAM no
+
+ #AllowAgentForwarding yes
+-#AllowTcpForwarding yes
+-#GatewayPorts no
+-#X11Forwarding no
++# Feel free to re-enable these if your use case requires them.
++AllowTcpForwarding no
++GatewayPorts no
++X11Forwarding no
+ #X11DisplayOffset 10
+ #X11UseLocalhost yes
+ #PermitTTY yes
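Review bot: the added comment "Feel free to re-enable these" above `AllowTcpForwarding no` overstates what the patch changes. Of the three directives under it, only `AllowTcpForwarding` moves away from the value shown in the removed commented line (`yes` to `no`); `GatewayPorts` and `X11Forwarding` were already listed as `no` and are only being made explicit. Please reword the comment to say which setting is actually being turned off and which are just pinned, so an administrator reading sshd_config does not assume X11 or gateway ports were previously on. Separately, the context line `#AllowAgentForwarding yes` directly above is left commented out, so agent forwarding keeps its `yes` value while the other forwarding options are locked down. If that is intentional, a short note in the commit message would help, since the subject mentions only TCP forwarding; if not, consider adding an explicit `AllowAgentForwarding no` here as well.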