summaryrefslogtreecommitdiff
path: root/ssh_config
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 16:10:18 +0000
committerColin Watson <cjwatson@debian.org>2016-02-29 12:35:37 +0000
commit85e40e87a75fb80a0bf893ac05a417d6c353537d (patch)
tree0f76f9976afd1622fe4fd2258fa0136a4ac75312 /ssh_config
parenta7c8a6babe3b4c47fd00bdbefc22fc10d97b9a26 (diff)
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by default. Document all of this, along with several sshd defaults set in debian/openssh-server.postinst. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2015-12-07 Patch-Name: debian-config.patch
Diffstat (limited to 'ssh_config')
-rw-r--r--ssh_config7
1 files changed, 6 insertions, 1 deletions
diff --git a/ssh_config b/ssh_config
index 4e879cd20..5190b06b1 100644
--- a/ssh_config
+++ b/ssh_config
@@ -17,9 +17,10 @@
17# list of available options, their meanings and defaults, please see the 17# list of available options, their meanings and defaults, please see the
18# ssh_config(5) man page. 18# ssh_config(5) man page.
19 19
20# Host * 20Host *
21# ForwardAgent no 21# ForwardAgent no
22# ForwardX11 no 22# ForwardX11 no
23# ForwardX11Trusted yes
23# RhostsRSAAuthentication no 24# RhostsRSAAuthentication no
24# RSAAuthentication yes 25# RSAAuthentication yes
25# PasswordAuthentication yes 26# PasswordAuthentication yes
@@ -50,3 +51,7 @@
50# VisualHostKey no 51# VisualHostKey no
51# ProxyCommand ssh -q -W %h:%p gateway.example.com 52# ProxyCommand ssh -q -W %h:%p gateway.example.com
52# RekeyLimit 1G 1h 53# RekeyLimit 1G 1h
54 SendEnv LANG LC_*
55 HashKnownHosts yes
56 GSSAPIAuthentication yes
57 GSSAPIDelegateCredentials no