mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-04-19 14:56:46 +02:00
495bbd7fb1
Having TCP forward enabled by default may make it eaiser for attackers who have gained control due to badly configured passwords. So we keep things disabled by default and users can enable when they need it.
16 lines
440 B
Diff
16 lines
440 B
Diff
--- openssh-7.7p1/sshd_config.old 2018-04-02 00:38:28.000000000 -0500
|
|
+++ openssh-7.7p1/sshd_config 2018-07-29 03:08:16.340000000 -0500
|
|
@@ -82,9 +82,10 @@
|
|
#UsePAM no
|
|
|
|
#AllowAgentForwarding yes
|
|
-#AllowTcpForwarding yes
|
|
-#GatewayPorts no
|
|
-#X11Forwarding no
|
|
+# Feel free to re-enable these if your use case requires them.
|
|
+AllowTcpForwarding no
|
|
+GatewayPorts no
|
|
+X11Forwarding no
|
|
#X11DisplayOffset 10
|
|
#X11UseLocalhost yes
|
|
#PermitTTY yes
|