From c7d4edd2fe048f263046bec6f3f0bbb4a171e535 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Wed, 18 Jan 2023 08:12:34 -0500
Subject: [PATCH] Add SSH client config and DNSSEC for Kicksecure

Signed-off-by: Tommy <contact@tommytran.io>
---
 kicksecure/kicksecure.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/kicksecure/kicksecure.sh b/kicksecure/kicksecure.sh
index 961251f..7ce60c4 100644
--- a/kicksecure/kicksecure.sh
+++ b/kicksecure/kicksecure.sh
@@ -35,6 +35,14 @@ sudo systemctl enable --now hide-hardware-info.service
 #Install packages
 sudo apt install --no-install-recommends qubes-gpg-split qubes-u2f eog qt5ct qt5-style-plugins arc-theme -y
 
+#Setup SSH client
+echo "GSSAPIAuthentication no" | sudo tee /etc/ssh/ssh_config.d/10-custom.conf
+echo "VerifyHostKeyDNS yes" | sudo tee -a /etc/ssh/ssh_config.d/10-custom.conf
+
+#Force DNSSEC
+sudo sed -i 's/#DNSSEC=no/DNSSEC=yes/g' /etc/systemd/resolved.conf
+sudo systemctl restart systemd-resolved
+
 #Theming
 git config --global http.proxy http://127.0.0.1:8082
 git clone https://github.com/horst3180/arc-icon-theme
@@ -73,4 +81,4 @@ OnCalendar=daily
 Persistent=true
 
 [Install]
-WantedBy=timers.target" | sudo tee /etc/systemd/user/update-user-flatpaks.timer
+WantedBy=timers.target" | sudo tee /etc/systemd/user/update-user-flatpaks.timer
\ No newline at end of file