summaryrefslogtreecommitdiff
path: root/ssh.1
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 16:10:18 +0000
committerColin Watson <cjwatson@debian.org>2019-10-09 23:07:49 +0100
commit7abde40896668ce9debfe056c7dabc6a70ef7da4 (patch)
tree56e57f3b57350a1a18cf9798e728af6c12d4a3c7 /ssh.1
parentab765b2bd55062a704f09da8f8c1c4ad1d6630a7 (diff)
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication by default. sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable PrintMotd. sshd: Enable X11Forwarding. sshd: Set 'AcceptEnv LANG LC_*' by default. sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server. Document all of this. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2017-10-04 Patch-Name: debian-config.patch
Diffstat (limited to 'ssh.1')
-rw-r--r--ssh.121
1 files changed, 21 insertions, 0 deletions
diff --git a/ssh.1 b/ssh.1
index 24530e511..fd495da2c 100644
--- a/ssh.1
+++ b/ssh.1
@@ -795,6 +795,16 @@ directive in
795.Xr ssh_config 5 795.Xr ssh_config 5
796for more information. 796for more information.
797.Pp 797.Pp
798(Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension
799restrictions by default, because too many programs currently crash in this
800mode.
801Set the
802.Cm ForwardX11Trusted
803option to
804.Dq no
805to restore the upstream behaviour.
806This may change in future depending on client-side improvements.)
807.Pp
798.It Fl x 808.It Fl x
799Disables X11 forwarding. 809Disables X11 forwarding.
800.Pp 810.Pp
@@ -803,6 +813,17 @@ Enables trusted X11 forwarding.
803Trusted X11 forwardings are not subjected to the X11 SECURITY extension 813Trusted X11 forwardings are not subjected to the X11 SECURITY extension
804controls. 814controls.
805.Pp 815.Pp
816(Debian-specific: This option does nothing in the default configuration: it
817is equivalent to
818.Dq Cm ForwardX11Trusted No yes ,
819which is the default as described above.
820Set the
821.Cm ForwardX11Trusted
822option to
823.Dq no
824to restore the upstream behaviour.
825This may change in future depending on client-side improvements.)
826.Pp
806.It Fl y 827.It Fl y
807Send log information using the 828Send log information using the
808.Xr syslog 3 829.Xr syslog 3