summaryrefslogtreecommitdiff
path: root/ssh_config.5
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 16:10:18 +0000
committerColin Watson <cjwatson@debian.org>2015-12-07 23:06:46 +0000
commit9351b179c72f18dc1b1d5bb84b2a7dab5e0af3fc (patch)
treed84c03f6160ee5a2640e26127df78cef6f1aa773 /ssh_config.5
parent92c6b1dc352b03c7bdecc6ce9bfef7a3b2b54bbc (diff)
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by default. Document all of this, along with several sshd defaults set in debian/openssh-server.postinst. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2015-12-07 Patch-Name: debian-config.patch
Diffstat (limited to 'ssh_config.5')
-rw-r--r--ssh_config.519
1 files changed, 18 insertions, 1 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index d4928b861..81b9b740f 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -74,6 +74,22 @@ Since the first obtained value for each parameter is used, more
74host-specific declarations should be given near the beginning of the 74host-specific declarations should be given near the beginning of the
75file, and general defaults at the end. 75file, and general defaults at the end.
76.Pp 76.Pp
77Note that the Debian
78.Ic openssh-client
79package sets several options as standard in
80.Pa /etc/ssh/ssh_config
81which are not the default in
82.Xr ssh 1 :
83.Pp
84.Bl -bullet -offset indent -compact
85.It
86.Cm SendEnv No LANG LC_*
87.It
88.Cm HashKnownHosts No yes
89.It
90.Cm GSSAPIAuthentication No yes
91.El
92.Pp
77The configuration file has the following format: 93The configuration file has the following format:
78.Pp 94.Pp
79Empty lines and lines starting with 95Empty lines and lines starting with
@@ -721,7 +737,8 @@ token used for the session will be set to expire after 20 minutes.
721Remote clients will be refused access after this time. 737Remote clients will be refused access after this time.
722.Pp 738.Pp
723The default is 739The default is
724.Dq no . 740.Dq yes
741(Debian-specific).
725.Pp 742.Pp
726See the X11 SECURITY extension specification for full details on 743See the X11 SECURITY extension specification for full details on
727the restrictions imposed on untrusted clients. 744the restrictions imposed on untrusted clients.