Various Debian-specific configuration changes

ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by default. Document all of this, along with several sshd defaults set in debian/openssh-server.postinst. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2015-12-07 Patch-Name: debian-config.patch
author: Colin Watson <cjwatson@debian.org> 2014-02-09 16:10:18 +0000
committer: Colin Watson <cjwatson@debian.org> 2016-08-07 12:18:44 +0100
commit: 4c914ccd85bbf391c4dc61b85e3c178fef465e3f (patch)
tree: 1fe9b624bbfd09f31552db2715334955be2e5327 /ssh_config
parent: fe97848e044743f0bac019a491ddf0138f84e14a (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/ssh_config b/ssh_config
index 4e879cd20..5190b06b1 100644
--- a/ssh_config
+++ b/ssh_config
@@ -17,9 +17,10 @@
 # list of available options, their meanings and defaults, please see the
 # ssh_config(5) man page.
-# Host *
+Host *
 #   ForwardAgent no
 #   ForwardX11 no
+#   ForwardX11Trusted yes
 #   RhostsRSAAuthentication no
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
@@ -50,3 +51,7 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
+    SendEnv LANG LC_*
+    HashKnownHosts yes
+    GSSAPIAuthentication yes
+    GSSAPIDelegateCredentials no
author	Colin Watson <cjwatson@debian.org>	2014-02-09 16:10:18 +0000
committer	Colin Watson <cjwatson@debian.org>	2016-08-07 12:18:44 +0100
commit	4c914ccd85bbf391c4dc61b85e3c178fef465e3f (patch)
tree	1fe9b624bbfd09f31552db2715334955be2e5327 /ssh_config
parent	fe97848e044743f0bac019a491ddf0138f84e14a (diff)