diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-09 16:10:18 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-02-12 01:15:31 +0000 |
commit | f08f2d9c3fedf37f97f1b2d06f1fe36af4e5f1c3 (patch) | |
tree | b2cbe2930330a5461c22fd5a0ca8af94346e12d3 /ssh_config.5 | |
parent | 6b7aca6f112d216f321466cc7301b5183e772513 (diff) |
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).
ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.
ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by
default.
sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside
PermitRootLogin default.
Document all of this, along with several sshd defaults set in
debian/openssh-server.postinst.
Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2014-02-12
Patch-Name: debian-config.patch
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 85f306cfd..cc91a5c56 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more | |||
71 | host-specific declarations should be given near the beginning of the | 71 | host-specific declarations should be given near the beginning of the |
72 | file, and general defaults at the end. | 72 | file, and general defaults at the end. |
73 | .Pp | 73 | .Pp |
74 | Note that the Debian | ||
75 | .Ic openssh-client | ||
76 | package sets several options as standard in | ||
77 | .Pa /etc/ssh/ssh_config | ||
78 | which are not the default in | ||
79 | .Xr ssh 1 : | ||
80 | .Pp | ||
81 | .Bl -bullet -offset indent -compact | ||
82 | .It | ||
83 | .Cm SendEnv No LANG LC_* | ||
84 | .It | ||
85 | .Cm HashKnownHosts No yes | ||
86 | .It | ||
87 | .Cm GSSAPIAuthentication No yes | ||
88 | .El | ||
89 | .Pp | ||
74 | The configuration file has the following format: | 90 | The configuration file has the following format: |
75 | .Pp | 91 | .Pp |
76 | Empty lines and lines starting with | 92 | Empty lines and lines starting with |
@@ -648,7 +664,8 @@ token used for the session will be set to expire after 20 minutes. | |||
648 | Remote clients will be refused access after this time. | 664 | Remote clients will be refused access after this time. |
649 | .Pp | 665 | .Pp |
650 | The default is | 666 | The default is |
651 | .Dq no . | 667 | .Dq yes |
668 | (Debian-specific). | ||
652 | .Pp | 669 | .Pp |
653 | See the X11 SECURITY extension specification for full details on | 670 | See the X11 SECURITY extension specification for full details on |
654 | the restrictions imposed on untrusted clients. | 671 | the restrictions imposed on untrusted clients. |