diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-09 16:10:18 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2020-10-18 12:07:21 +0100 |
commit | a0c9f82b05d33f3e2cf8e5442cee47c09d1a1dd8 (patch) | |
tree | 1d383167149b22907153635b676d52f824681d66 /ssh.1 | |
parent | e8453621b2a26f8d6afec405ff60201749b01e5e (diff) |
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).
ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.
ssh: Enable GSSAPIAuthentication by default.
ssh: Include /etc/ssh/ssh_config.d/*.conf.
sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable
PrintMotd.
sshd: Enable X11Forwarding.
sshd: Set 'AcceptEnv LANG LC_*' by default.
sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server.
sshd: Include /etc/ssh/sshd_config.d/*.conf.
Document all of this.
Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2020-10-18
Patch-Name: debian-config.patch
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 24 |
1 files changed, 24 insertions, 0 deletions
@@ -812,6 +812,16 @@ directive in | |||
812 | .Xr ssh_config 5 | 812 | .Xr ssh_config 5 |
813 | for more information. | 813 | for more information. |
814 | .Pp | 814 | .Pp |
815 | (Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension | ||
816 | restrictions by default, because too many programs currently crash in this | ||
817 | mode. | ||
818 | Set the | ||
819 | .Cm ForwardX11Trusted | ||
820 | option to | ||
821 | .Dq no | ||
822 | to restore the upstream behaviour. | ||
823 | This may change in future depending on client-side improvements.) | ||
824 | .Pp | ||
815 | .It Fl x | 825 | .It Fl x |
816 | Disables X11 forwarding. | 826 | Disables X11 forwarding. |
817 | .Pp | 827 | .Pp |
@@ -820,6 +830,20 @@ Enables trusted X11 forwarding. | |||
820 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension | 830 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension |
821 | controls. | 831 | controls. |
822 | .Pp | 832 | .Pp |
833 | (Debian-specific: In the default configuration, this option is equivalent to | ||
834 | .Fl X , | ||
835 | since | ||
836 | .Cm ForwardX11Trusted | ||
837 | defaults to | ||
838 | .Dq yes | ||
839 | as described above. | ||
840 | Set the | ||
841 | .Cm ForwardX11Trusted | ||
842 | option to | ||
843 | .Dq no | ||
844 | to restore the upstream behaviour. | ||
845 | This may change in future depending on client-side improvements.) | ||
846 | .Pp | ||
823 | .It Fl y | 847 | .It Fl y |
824 | Send log information using the | 848 | Send log information using the |
825 | .Xr syslog 3 | 849 | .Xr syslog 3 |