summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2005-09-14 14:13:30 +0000
committerColin Watson <cjwatson@debian.org>2005-09-14 14:13:30 +0000
commit4ef56c830fbb00193169bd966d543697277b6878 (patch)
tree3a9b9d5cd3a55f8c02085245982569197893fb71 /debian
parent6bb9329685b7febe07c895b8064535c4251a8d92 (diff)
* Set X11Forwarding to yes in the default sshd_config (new installs only).
At least when X11UseLocalhost is turned on, which is the default, the security risks of using X11 forwarding are risks to the client, not to the server (closes: #320104).
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog4
-rw-r--r--debian/openssh-server.postinst2
2 files changed, 5 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 4f1e2e392..d8e84e46d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -17,6 +17,10 @@ openssh (1:4.2p1-1) UNRELEASED; urgency=low
17 * debian/rules: Resynchronise CFLAGS with that generated by configure. 17 * debian/rules: Resynchronise CFLAGS with that generated by configure.
18 * openssh-client and openssh-server conflict with pre-split ssh to avoid 18 * openssh-client and openssh-server conflict with pre-split ssh to avoid
19 problems when ssh is left un-upgraded (closes: #324695). 19 problems when ssh is left un-upgraded (closes: #324695).
20 * Set X11Forwarding to yes in the default sshd_config (new installs only).
21 At least when X11UseLocalhost is turned on, which is the default, the
22 security risks of using X11 forwarding are risks to the client, not to
23 the server (closes: #320104).
20 24
21 -- Colin Watson <cjwatson@debian.org> Wed, 14 Sep 2005 13:35:17 +0100 25 -- Colin Watson <cjwatson@debian.org> Wed, 14 Sep 2005 13:35:17 +0100
22 26
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index ef1412ca7..3bff642a1 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -261,7 +261,7 @@ ChallengeResponseAuthentication no
261# Kerberos TGT Passing does only work with the AFS kaserver 261# Kerberos TGT Passing does only work with the AFS kaserver
262#KerberosTgtPassing yes 262#KerberosTgtPassing yes
263 263
264X11Forwarding no 264X11Forwarding yes
265X11DisplayOffset 10 265X11DisplayOffset 10
266PrintMotd no 266PrintMotd no
267PrintLastLog yes 267PrintLastLog yes