Locking down your SSH Server and Client

The formatting looks good now.

Could you please compare Debian default /etc/ssh/ssh_config and /etc/ssh/sshd_config with wiki version?

For example

  • Debian default ForwardAgent: not set
  • upstream default ForwardAgent: no
  • Whonix wiki config ForwardAgent: yes

Should only derivative from default config if we have a good reason for it which then needs to be documented with a comment above that option.


Anyone: please also read about each option here

for upstream defaults, recommendations, warnings, etc.