diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-09 16:10:18 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2015-09-08 14:50:02 +0100 |
commit | c2ef7b500926be2f7d875d63ec72781b50d69294 (patch) | |
tree | 37e3de57ac5cbe2e547837a1dd4f3acec7afaed5 /ssh.1 | |
parent | ef16932c23264c749f4b02af34dbd62a2075c04f (diff) |
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).
ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.
ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by
default.
sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside
PermitRootLogin default.
Document all of this, along with several sshd defaults set in
debian/openssh-server.postinst.
Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2015-08-19
Patch-Name: debian-config.patch
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -670,12 +670,33 @@ option and the | |||
670 | directive in | 670 | directive in |
671 | .Xr ssh_config 5 | 671 | .Xr ssh_config 5 |
672 | for more information. | 672 | for more information. |
673 | .Pp | ||
674 | (Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension | ||
675 | restrictions by default, because too many programs currently crash in this | ||
676 | mode. | ||
677 | Set the | ||
678 | .Cm ForwardX11Trusted | ||
679 | option to | ||
680 | .Dq no | ||
681 | to restore the upstream behaviour. | ||
682 | This may change in future depending on client-side improvements.) | ||
673 | .It Fl x | 683 | .It Fl x |
674 | Disables X11 forwarding. | 684 | Disables X11 forwarding. |
675 | .It Fl Y | 685 | .It Fl Y |
676 | Enables trusted X11 forwarding. | 686 | Enables trusted X11 forwarding. |
677 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension | 687 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension |
678 | controls. | 688 | controls. |
689 | .Pp | ||
690 | (Debian-specific: This option does nothing in the default configuration: it | ||
691 | is equivalent to | ||
692 | .Dq Cm ForwardX11Trusted No yes , | ||
693 | which is the default as described above. | ||
694 | Set the | ||
695 | .Cm ForwardX11Trusted | ||
696 | option to | ||
697 | .Dq no | ||
698 | to restore the upstream behaviour. | ||
699 | This may change in future depending on client-side improvements.) | ||
679 | .It Fl y | 700 | .It Fl y |
680 | Send log information using the | 701 | Send log information using the |
681 | .Xr syslog 3 | 702 | .Xr syslog 3 |