author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:10:18 +0000
committer: Colin Watson <cjwatson@debian.org> 2016-08-07 12:18:44 +0100
commit: 4c914ccd85bbf391c4dc61b85e3c178fef465e3f
tree: 1fe9b624bbfd09f31552db2715334955be2e5327 /ssh.1
parent: fe97848e044743f0bac019a491ddf0138f84e14a
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021).
ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms.
ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by default.
Document all of this, along with several sshd defaults set in debian/openssh-server.postinst.
Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2015-12-07
Patch-Name: debian-config.patch
Diffstat (limited to 'ssh.1')
-rw-r--r-- ssh.1 21
1 files changed, 21 insertions, 0 deletions
diff --git a/ssh.1 b/ssh.1
index 22e56a7b9..6aa57c462 100644
--- a/ssh.1
+++ b/ssh.1
@@ -785,6 +785,16 @@ directive in
785.Xr ssh_config 5 785.Xr ssh_config 5
786for more information. 786for more information.
787.Pp 787.Pp
788(Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension
789restrictions by default, because too many programs currently crash in this
790mode.
791Set the
792.Cm ForwardX11Trusted
793option to
794.Dq no
795to restore the upstream behaviour.
796This may change in future depending on client-side improvements.)
797.Pp
788.It Fl x 798.It Fl x
789Disables X11 forwarding. 799Disables X11 forwarding.
790.Pp 800.Pp
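Review bot: In the added paragraph (new lines 788-790), "because too many programs currently crash in this mode" has no clear antecedent. The preceding clause describes forwarding that is not subjected to the X11 SECURITY extension restrictions, so "this mode" reads as the unrestricted mode rather than the restricted one. Suggest "because too many programs currently crash when those restrictions are applied". The paragraph also gives only the compatibility reason for the default; one sentence stating that forwarded clients are therefore outside the X11 SECURITY extension controls, placed next to the instruction to set ForwardX11Trusted to "no", would let a reader weigh the trade-off before keeping the default.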
@@ -793,6 +803,17 @@ Enables trusted X11 forwarding.
793Trusted X11 forwardings are not subjected to the X11 SECURITY extension 803Trusted X11 forwardings are not subjected to the X11 SECURITY extension
794controls. 804controls.
795.Pp 805.Pp
806(Debian-specific: This option does nothing in the default configuration: it
807is equivalent to
808.Dq Cm ForwardX11Trusted No yes ,
809which is the default as described above.
810Set the
811.Cm ForwardX11Trusted
812option to
813.Dq no
814to restore the upstream behaviour.
815This may change in future depending on client-side improvements.)
816.Pp
796.It Fl y 817.It Fl y
797Send log information using the 818Send log information using the
798.Xr syslog 3 819.Xr syslog 3
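Review bot: "This option does nothing in the default configuration" (new line 806) overstates the case, because the unchanged context for this option still says it "Enables trusted X11 forwarding"; only the trusted part is redundant when ForwardX11Trusted already defaults to "yes". Suggest wording such as "In the default configuration the trusted part of this option is redundant". The sentences from "Set the" through "client-side improvements.)" repeat the first hunk's paragraph, which "as described above" already points to, so they could be dropped here. Under an option whose purpose is trusted forwarding, it is also unclear what "restore the upstream behaviour" changes, and the text should say what the option does once ForwardX11Trusted is set to "no".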