summaryrefslogtreecommitdiff
path: root/ssh.1
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 16:10:18 +0000
committerColin Watson <cjwatson@debian.org>2015-09-08 14:50:02 +0100
commitc2ef7b500926be2f7d875d63ec72781b50d69294 (patch)
tree37e3de57ac5cbe2e547837a1dd4f3acec7afaed5 /ssh.1
parentef16932c23264c749f4b02af34dbd62a2075c04f (diff)
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by default. sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside PermitRootLogin default. Document all of this, along with several sshd defaults set in debian/openssh-server.postinst. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2015-08-19 Patch-Name: debian-config.patch
Diffstat (limited to 'ssh.1')
-rw-r--r--ssh.121
1 files changed, 21 insertions, 0 deletions
diff --git a/ssh.1 b/ssh.1
index 217886319..e2cce49d3 100644
--- a/ssh.1
+++ b/ssh.1
@@ -670,12 +670,33 @@ option and the
670directive in 670directive in
671.Xr ssh_config 5 671.Xr ssh_config 5
672for more information. 672for more information.
673.Pp
674(Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension
675restrictions by default, because too many programs currently crash in this
676mode.
677Set the
678.Cm ForwardX11Trusted
679option to
680.Dq no
681to restore the upstream behaviour.
682This may change in future depending on client-side improvements.)
673.It Fl x 683.It Fl x
674Disables X11 forwarding. 684Disables X11 forwarding.
675.It Fl Y 685.It Fl Y
676Enables trusted X11 forwarding. 686Enables trusted X11 forwarding.
677Trusted X11 forwardings are not subjected to the X11 SECURITY extension 687Trusted X11 forwardings are not subjected to the X11 SECURITY extension
678controls. 688controls.
689.Pp
690(Debian-specific: This option does nothing in the default configuration: it
691is equivalent to
692.Dq Cm ForwardX11Trusted No yes ,
693which is the default as described above.
694Set the
695.Cm ForwardX11Trusted
696option to
697.Dq no
698to restore the upstream behaviour.
699This may change in future depending on client-side improvements.)
679.It Fl y 700.It Fl y
680Send log information using the 701Send log information using the
681.Xr syslog 3 702.Xr syslog 3