## Copyright (C) 2023 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## Please use "/etc/permission-hardener.d/20_user.conf" or
## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom
## configuration. When security-misc-shared is updated, this file may be
## overwritten.

## Used for SSH client key management
## https://manpages.debian.org/ssh-agent
## Debian installs ssh-agent with setgid permissions (2755) and with
## _ssh as the group to help mitigate ptrace attacks that could extract
## private keys from the agent's memory.
ssh-agent matchwhitelist

## Used only for SSH host-based authentication
## https://manpages.debian.org/ssh-keysign
## Needed to allow access to the machine's host key for use in the
## authentication process. This is a non-default method of authenticating to
## SSH, and is likely rarely used, thus this should be safe to disable.
#ssh-keysign matchwhitelist
#/usr/lib/openssh matchwhitelist