summaryrefslogtreecommitdiff
path: root/ssh_config.5
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 16:10:18 +0000
committerColin Watson <cjwatson@debian.org>2017-08-22 16:24:44 +0100
commitcf60afd3438c444e20b114fbd799168002c74aae (patch)
tree84d004fcc4229ddab1e3b7113a0c644c0305bd9f /ssh_config.5
parent49ea641997b0dce73df3271f10a875cb702729b7 (diff)
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication by default. sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable PrintMotd. sshd: Enable X11Forwarding. sshd: Set 'AcceptEnv LANG LC_*' by default. sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server. Document all of this. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2016-12-26 Patch-Name: debian-config.patch
Diffstat (limited to 'ssh_config.5')
-rw-r--r--ssh_config.519
1 files changed, 18 insertions, 1 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 093ea8a71..fc13fa510 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -74,6 +74,22 @@ Since the first obtained value for each parameter is used, more
74host-specific declarations should be given near the beginning of the 74host-specific declarations should be given near the beginning of the
75file, and general defaults at the end. 75file, and general defaults at the end.
76.Pp 76.Pp
77Note that the Debian
78.Ic openssh-client
79package sets several options as standard in
80.Pa /etc/ssh/ssh_config
81which are not the default in
82.Xr ssh 1 :
83.Pp
84.Bl -bullet -offset indent -compact
85.It
86.Cm SendEnv No LANG LC_*
87.It
88.Cm HashKnownHosts No yes
89.It
90.Cm GSSAPIAuthentication No yes
91.El
92.Pp
77The file contains keyword-argument pairs, one per line. 93The file contains keyword-argument pairs, one per line.
78Lines starting with 94Lines starting with
79.Ql # 95.Ql #
@@ -715,11 +731,12 @@ elapsed.
715.It Cm ForwardX11Trusted 731.It Cm ForwardX11Trusted
716If this option is set to 732If this option is set to
717.Cm yes , 733.Cm yes ,
734(the Debian-specific default),
718remote X11 clients will have full access to the original X11 display. 735remote X11 clients will have full access to the original X11 display.
719.Pp 736.Pp
720If this option is set to 737If this option is set to
721.Cm no 738.Cm no
722(the default), 739(the upstream default),
723remote X11 clients will be considered untrusted and prevented 740remote X11 clients will be considered untrusted and prevented
724from stealing or tampering with data belonging to trusted X11 741from stealing or tampering with data belonging to trusted X11
725clients. 742clients.