summaryrefslogtreecommitdiff
path: root/ssh.1
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 16:10:18 +0000
committerColin Watson <cjwatson@debian.org>2020-10-18 12:07:21 +0100
commita0c9f82b05d33f3e2cf8e5442cee47c09d1a1dd8 (patch)
tree1d383167149b22907153635b676d52f824681d66 /ssh.1
parente8453621b2a26f8d6afec405ff60201749b01e5e (diff)
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication by default. ssh: Include /etc/ssh/ssh_config.d/*.conf. sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable PrintMotd. sshd: Enable X11Forwarding. sshd: Set 'AcceptEnv LANG LC_*' by default. sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server. sshd: Include /etc/ssh/sshd_config.d/*.conf. Document all of this. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2020-10-18 Patch-Name: debian-config.patch
Diffstat (limited to 'ssh.1')
-rw-r--r--ssh.124
1 files changed, 24 insertions, 0 deletions
diff --git a/ssh.1 b/ssh.1
index 76ddd89b5..ad48fc8c8 100644
--- a/ssh.1
+++ b/ssh.1
@@ -812,6 +812,16 @@ directive in
812.Xr ssh_config 5 812.Xr ssh_config 5
813for more information. 813for more information.
814.Pp 814.Pp
815(Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension
816restrictions by default, because too many programs currently crash in this
817mode.
818Set the
819.Cm ForwardX11Trusted
820option to
821.Dq no
822to restore the upstream behaviour.
823This may change in future depending on client-side improvements.)
824.Pp
815.It Fl x 825.It Fl x
816Disables X11 forwarding. 826Disables X11 forwarding.
817.Pp 827.Pp
@@ -820,6 +830,20 @@ Enables trusted X11 forwarding.
820Trusted X11 forwardings are not subjected to the X11 SECURITY extension 830Trusted X11 forwardings are not subjected to the X11 SECURITY extension
821controls. 831controls.
822.Pp 832.Pp
833(Debian-specific: In the default configuration, this option is equivalent to
834.Fl X ,
835since
836.Cm ForwardX11Trusted
837defaults to
838.Dq yes
839as described above.
840Set the
841.Cm ForwardX11Trusted
842option to
843.Dq no
844to restore the upstream behaviour.
845This may change in future depending on client-side improvements.)
846.Pp
823.It Fl y 847.It Fl y
824Send log information using the 848Send log information using the
825.Xr syslog 3 849.Xr syslog 3