diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-09 16:10:18 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2019-10-09 23:07:49 +0100 |
commit | 7abde40896668ce9debfe056c7dabc6a70ef7da4 (patch) | |
tree | 56e57f3b57350a1a18cf9798e728af6c12d4a3c7 /ssh.1 | |
parent | ab765b2bd55062a704f09da8f8c1c4ad1d6630a7 (diff) |
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).
ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.
ssh: Enable GSSAPIAuthentication by default.
sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable
PrintMotd.
sshd: Enable X11Forwarding.
sshd: Set 'AcceptEnv LANG LC_*' by default.
sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server.
Document all of this.
Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2017-10-04
Patch-Name: debian-config.patch
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -795,6 +795,16 @@ directive in | |||
795 | .Xr ssh_config 5 | 795 | .Xr ssh_config 5 |
796 | for more information. | 796 | for more information. |
797 | .Pp | 797 | .Pp |
798 | (Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension | ||
799 | restrictions by default, because too many programs currently crash in this | ||
800 | mode. | ||
801 | Set the | ||
802 | .Cm ForwardX11Trusted | ||
803 | option to | ||
804 | .Dq no | ||
805 | to restore the upstream behaviour. | ||
806 | This may change in future depending on client-side improvements.) | ||
807 | .Pp | ||
798 | .It Fl x | 808 | .It Fl x |
799 | Disables X11 forwarding. | 809 | Disables X11 forwarding. |
800 | .Pp | 810 | .Pp |
@@ -803,6 +813,17 @@ Enables trusted X11 forwarding. | |||
803 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension | 813 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension |
804 | controls. | 814 | controls. |
805 | .Pp | 815 | .Pp |
816 | (Debian-specific: This option does nothing in the default configuration: it | ||
817 | is equivalent to | ||
818 | .Dq Cm ForwardX11Trusted No yes , | ||
819 | which is the default as described above. | ||
820 | Set the | ||
821 | .Cm ForwardX11Trusted | ||
822 | option to | ||
823 | .Dq no | ||
824 | to restore the upstream behaviour. | ||
825 | This may change in future depending on client-side improvements.) | ||
826 | .Pp | ||
806 | .It Fl y | 827 | .It Fl y |
807 | Send log information using the | 828 | Send log information using the |
808 | .Xr syslog 3 | 829 | .Xr syslog 3 |