Various Debian-specific configuration changes

ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication by default. ssh: Include /etc/ssh/ssh_config.d/*.conf. sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable PrintMotd. sshd: Enable X11Forwarding. sshd: Set 'AcceptEnv LANG LC_*' by default. sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server. sshd: Include /etc/ssh/sshd_config.d/*.conf. Document all of this. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2020-02-21 Patch-Name: debian-config.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:10:18 +0000
committer: Colin Watson <cjwatson@debian.org> 2020-06-07 10:25:35 +0100
commit: 08ca1225e6979fc6b5b6e7f85ce5cb0ac5cc7405 (patch)
tree: 6affe2fe4794807f180fe50ffd800b23dd653414 /ssh.1
parent: fe8c9983321154a61f4f06be602f925f1fd24ee7 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/ssh.1 b/ssh.1
index 5a31b5dde..035823da3 100644
--- a/ssh.1
+++ b/ssh.1
@@ -812,6 +812,16 @@ directive in
 .Xr ssh_config 5
 for more information.
 .Pp
+(Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension
+restrictions by default, because too many programs currently crash in this
+mode.
+Set the
+.Cm ForwardX11Trusted
+option to
+.Dq no
+to restore the upstream behaviour.
+This may change in future depending on client-side improvements.)
+.Pp
 .It Fl x
 Disables X11 forwarding.
 .Pp
@@ -820,6 +830,20 @@ Enables trusted X11 forwarding.
 Trusted X11 forwardings are not subjected to the X11 SECURITY extension
 controls.
 .Pp
+(Debian-specific: In the default configuration, this option is equivalent to
+.Fl X ,
+since
+.Cm ForwardX11Trusted
+defaults to
+.Dq yes
+as described above.
+Set the
+.Cm ForwardX11Trusted
+option to
+.Dq no
+to restore the upstream behaviour.
+This may change in future depending on client-side improvements.)
+.Pp
 .It Fl y
 Send log information using the
 .Xr syslog 3
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:10:18 +0000
committer	Colin Watson <cjwatson@debian.org>	2020-06-07 10:25:35 +0100
commit	08ca1225e6979fc6b5b6e7f85ce5cb0ac5cc7405 (patch)
tree	6affe2fe4794807f180fe50ffd800b23dd653414 /ssh.1
parent	fe8c9983321154a61f4f06be602f925f1fd24ee7 (diff)

diff --git a/ssh.1 b/ssh.1 index 5a31b5dde..035823da3 100644 --- a/ssh.1 +++ b/ssh.1
@@ -812,6 +812,16 @@ directive in
812	.Xr ssh_config 5	812	.Xr ssh_config 5
813	for more information.	813	for more information.
814	.Pp	814	.Pp
		815	(Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension
		816	restrictions by default, because too many programs currently crash in this
		817	mode.
		818	Set the
		819	.Cm ForwardX11Trusted
		820	option to
		821	.Dq no
		822	to restore the upstream behaviour.
		823	This may change in future depending on client-side improvements.)
		824	.Pp
815	.It Fl x	825	.It Fl x
816	Disables X11 forwarding.	826	Disables X11 forwarding.
817	.Pp	827	.Pp
@@ -820,6 +830,20 @@ Enables trusted X11 forwarding.
820	Trusted X11 forwardings are not subjected to the X11 SECURITY extension	830	Trusted X11 forwardings are not subjected to the X11 SECURITY extension
821	controls.	831	controls.
822	.Pp	832	.Pp
		833	(Debian-specific: In the default configuration, this option is equivalent to
		834	.Fl X ,
		835	since
		836	.Cm ForwardX11Trusted
		837	defaults to
		838	.Dq yes
		839	as described above.
		840	Set the
		841	.Cm ForwardX11Trusted
		842	option to
		843	.Dq no
		844	to restore the upstream behaviour.
		845	This may change in future depending on client-side improvements.)
		846	.Pp
823	.It Fl y	847	.It Fl y
824	Send log information using the	848	Send log information using the
825	.Xr syslog 3	849	.Xr syslog 3