summaryrefslogtreecommitdiff
path: root/ssh.1
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 16:10:18 +0000
committerColin Watson <cjwatson@debian.org>2015-11-29 17:26:21 +0000
commit6d0faf6dc76ac8cc73d6f8e478db7c97f7013a2d (patch)
tree432e549641e322bf661888374c697b96ea1d7620 /ssh.1
parent28b42c7cc08dd3dbdc149281912a41ae65594301 (diff)
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by default. Document all of this, along with several sshd defaults set in debian/openssh-server.postinst. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2015-11-29 Patch-Name: debian-config.patch
Diffstat (limited to 'ssh.1')
-rw-r--r--ssh.121
1 files changed, 21 insertions, 0 deletions
diff --git a/ssh.1 b/ssh.1
index 05b7f107b..649d6c303 100644
--- a/ssh.1
+++ b/ssh.1
@@ -755,6 +755,16 @@ directive in
755.Xr ssh_config 5 755.Xr ssh_config 5
756for more information. 756for more information.
757.Pp 757.Pp
758(Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension
759restrictions by default, because too many programs currently crash in this
760mode.
761Set the
762.Cm ForwardX11Trusted
763option to
764.Dq no
765to restore the upstream behaviour.
766This may change in future depending on client-side improvements.)
767.Pp
758.It Fl x 768.It Fl x
759Disables X11 forwarding. 769Disables X11 forwarding.
760.Pp 770.Pp
@@ -763,6 +773,17 @@ Enables trusted X11 forwarding.
763Trusted X11 forwardings are not subjected to the X11 SECURITY extension 773Trusted X11 forwardings are not subjected to the X11 SECURITY extension
764controls. 774controls.
765.Pp 775.Pp
776(Debian-specific: This option does nothing in the default configuration: it
777is equivalent to
778.Dq Cm ForwardX11Trusted No yes ,
779which is the default as described above.
780Set the
781.Cm ForwardX11Trusted
782option to
783.Dq no
784to restore the upstream behaviour.
785This may change in future depending on client-side improvements.)
786.Pp
766.It Fl y 787.It Fl y
767Send log information using the 788Send log information using the
768.Xr syslog 3 789.Xr syslog 3