diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-09 16:10:18 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2020-10-18 12:07:21 +0100 |
commit | a0c9f82b05d33f3e2cf8e5442cee47c09d1a1dd8 (patch) | |
tree | 1d383167149b22907153635b676d52f824681d66 /sshd_config.5 | |
parent | e8453621b2a26f8d6afec405ff60201749b01e5e (diff) |
Various Debian-specific configuration changes
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).
ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.
ssh: Enable GSSAPIAuthentication by default.
ssh: Include /etc/ssh/ssh_config.d/*.conf.
sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable
PrintMotd.
sshd: Enable X11Forwarding.
sshd: Set 'AcceptEnv LANG LC_*' by default.
sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server.
sshd: Include /etc/ssh/sshd_config.d/*.conf.
Document all of this.
Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2020-10-18
Patch-Name: debian-config.patch
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 32ae46476..472001dd1 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -56,6 +56,35 @@ Arguments may optionally be enclosed in double quotes | |||
56 | .Pq \&" | 56 | .Pq \&" |
57 | in order to represent arguments containing spaces. | 57 | in order to represent arguments containing spaces. |
58 | .Pp | 58 | .Pp |
59 | Note that the Debian | ||
60 | .Ic openssh-server | ||
61 | package sets several options as standard in | ||
62 | .Pa /etc/ssh/sshd_config | ||
63 | which are not the default in | ||
64 | .Xr sshd 8 : | ||
65 | .Pp | ||
66 | .Bl -bullet -offset indent -compact | ||
67 | .It | ||
68 | .Cm Include /etc/ssh/sshd_config.d/*.conf | ||
69 | .It | ||
70 | .Cm ChallengeResponseAuthentication No no | ||
71 | .It | ||
72 | .Cm X11Forwarding No yes | ||
73 | .It | ||
74 | .Cm PrintMotd No no | ||
75 | .It | ||
76 | .Cm AcceptEnv No LANG LC_* | ||
77 | .It | ||
78 | .Cm Subsystem No sftp /usr/lib/openssh/sftp-server | ||
79 | .It | ||
80 | .Cm UsePAM No yes | ||
81 | .El | ||
82 | .Pp | ||
83 | .Pa /etc/ssh/sshd_config.d/*.conf | ||
84 | files are included at the start of the configuration file, so options set | ||
85 | there will override those in | ||
86 | .Pa /etc/ssh/sshd_config. | ||
87 | .Pp | ||
59 | The possible | 88 | The possible |
60 | keywords and their meanings are as follows (note that | 89 | keywords and their meanings are as follows (note that |
61 | keywords are case-insensitive and arguments are case-sensitive): | 90 | keywords are case-insensitive and arguments are case-sensitive): |