diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-09 16:10:18 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2016-12-28 20:05:07 +0000 |
commit | 624433c4fff092e3aaaff6aa8954eb93e0387c44 (patch) | |
tree | 51284d83887c5a68fead6cb064e54bc19b727686 /ssh.1 | |
parent | a7e11f49e8d6dfe6b44b24960af5e112cd953ae7 (diff) |
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).
ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.
ssh: Enable GSSAPIAuthentication by default.
sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable
PrintMotd.
sshd: Enable X11Forwarding.
sshd: Set 'AcceptEnv LANG LC_*' by default.
sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server.
Document all of this.
Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2016-12-26
Patch-Name: debian-config.patch
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -785,6 +785,16 @@ directive in | |||
785 | .Xr ssh_config 5 | 785 | .Xr ssh_config 5 |
786 | for more information. | 786 | for more information. |
787 | .Pp | 787 | .Pp |
788 | (Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension | ||
789 | restrictions by default, because too many programs currently crash in this | ||
790 | mode. | ||
791 | Set the | ||
792 | .Cm ForwardX11Trusted | ||
793 | option to | ||
794 | .Dq no | ||
795 | to restore the upstream behaviour. | ||
796 | This may change in future depending on client-side improvements.) | ||
797 | .Pp | ||
788 | .It Fl x | 798 | .It Fl x |
789 | Disables X11 forwarding. | 799 | Disables X11 forwarding. |
790 | .Pp | 800 | .Pp |
@@ -793,6 +803,17 @@ Enables trusted X11 forwarding. | |||
793 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension | 803 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension |
794 | controls. | 804 | controls. |
795 | .Pp | 805 | .Pp |
806 | (Debian-specific: This option does nothing in the default configuration: it | ||
807 | is equivalent to | ||
808 | .Dq Cm ForwardX11Trusted No yes , | ||
809 | which is the default as described above. | ||
810 | Set the | ||
811 | .Cm ForwardX11Trusted | ||
812 | option to | ||
813 | .Dq no | ||
814 | to restore the upstream behaviour. | ||
815 | This may change in future depending on client-side improvements.) | ||
816 | .Pp | ||
796 | .It Fl y | 817 | .It Fl y |
797 | Send log information using the | 818 | Send log information using the |
798 | .Xr syslog 3 | 819 | .Xr syslog 3 |