[PR #3885] [MERGED] ssh: Refactor, fix bugs & harden #4925

Closed
opened 2026-05-05 10:29:06 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/3885
Author: @kmk3
Created: 1/12/2021
Status: Merged
Merged: 1/30/2021
Merged by: @undefined

Base: master ← Head: fix-ssh


📝 Commits (7)

  • add6ee8 ssh: move auth socket blacklist to disable-common.inc
  • e607096 git-cola.profile: add missing python template comment
  • 83ac023 etc: add allow-ssh.inc
  • 3849e12 allow-ssh.inc: allow /etc/ssh/ssh_config
  • f8df786 ssh: deny access to the rest of /etc/ssh/*
  • 90f2d73 allow-ssh.inc: allow access to ssh-agent(1)
  • 2ec3f3a disable-common.inc: add missing openssh paths

📊 Changes

19 files changed (+69 additions, -22 deletions)

etc/inc/allow-ssh.inc (+8 -0)
📝 etc/inc/disable-common.inc (+13 -1)
📝 etc/inc/disable-programs.inc (+0 -1)
📝 etc/profile-a-l/android-studio.profile (+3 -1)
📝 etc/profile-a-l/aosp.profile (+3 -1)
📝 etc/profile-a-l/clion.profile (+3 -1)
📝 etc/profile-a-l/filezilla.profile (+3 -1)
📝 etc/profile-a-l/git-cola.profile (+4 -1)
📝 etc/profile-a-l/git.profile (+3 -1)
📝 etc/profile-a-l/gitg.profile (+3 -1)
📝 etc/profile-a-l/idea.sh.profile (+3 -1)
📝 etc/profile-m-z/meld.profile (+3 -1)
📝 etc/profile-m-z/remmina.profile (+3 -1)
📝 etc/profile-m-z/seahorse.profile (+3 -2)
📝 etc/profile-m-z/ssh-agent.profile (+2 -3)
📝 etc/profile-m-z/ssh.profile (+3 -3)
📝 etc/profile-m-z/webstorm.profile (+3 -1)
📝 etc/profile-m-z/x2goclient.profile (+3 -1)
📝 etc/templates/profile.template (+3 -0)

📄 Description

```console
$ git log --reverse --pretty='* %s' master..
* etc: add allow-ssh.inc
* allow-ssh.inc: allow /etc/ssh/ssh_config
* ssh: deny access to the rest of /etc/ssh/*
* allow-ssh.inc: allow access to ssh-agent(1)
* disable-common.inc: add missing openssh paths
* disable-common.inc: mark ~/.ssh as read-only
```

Note: As mentioned on #3845, please don't squash any commits; use normal merge
or rebase instead.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

Reference: github-starred/firejail#4925