diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-09 16:10:18 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2015-11-29 17:26:21 +0000 |
commit | 6d0faf6dc76ac8cc73d6f8e478db7c97f7013a2d (patch) | |
tree | 432e549641e322bf661888374c697b96ea1d7620 /ssh.1 | |
parent | 28b42c7cc08dd3dbdc149281912a41ae65594301 (diff) |
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).
ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.
ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by
default.
Document all of this, along with several sshd defaults set in
debian/openssh-server.postinst.
Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2015-11-29
Patch-Name: debian-config.patch
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -755,6 +755,16 @@ directive in | |||
755 | .Xr ssh_config 5 | 755 | .Xr ssh_config 5 |
756 | for more information. | 756 | for more information. |
757 | .Pp | 757 | .Pp |
758 | (Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension | ||
759 | restrictions by default, because too many programs currently crash in this | ||
760 | mode. | ||
761 | Set the | ||
762 | .Cm ForwardX11Trusted | ||
763 | option to | ||
764 | .Dq no | ||
765 | to restore the upstream behaviour. | ||
766 | This may change in future depending on client-side improvements.) | ||
767 | .Pp | ||
758 | .It Fl x | 768 | .It Fl x |
759 | Disables X11 forwarding. | 769 | Disables X11 forwarding. |
760 | .Pp | 770 | .Pp |
@@ -763,6 +773,17 @@ Enables trusted X11 forwarding. | |||
763 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension | 773 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension |
764 | controls. | 774 | controls. |
765 | .Pp | 775 | .Pp |
776 | (Debian-specific: This option does nothing in the default configuration: it | ||
777 | is equivalent to | ||
778 | .Dq Cm ForwardX11Trusted No yes , | ||
779 | which is the default as described above. | ||
780 | Set the | ||
781 | .Cm ForwardX11Trusted | ||
782 | option to | ||
783 | .Dq no | ||
784 | to restore the upstream behaviour. | ||
785 | This may change in future depending on client-side improvements.) | ||
786 | .Pp | ||
766 | .It Fl y | 787 | .It Fl y |
767 | Send log information using the | 788 | Send log information using the |
768 | .Xr syslog 3 | 789 | .Xr syslog 3 |