3 files changed, 45 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 0f313a92f..16d9b2b1b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -50,6 +50,8 @@ openssh (1:4.7p1-1) UNRELEASED; urgency=low
    easier.
  * Remove the hideously old /etc/ssh/primes on upgrade (closes: #123013).
  * Update moduli(5) to revision 1.11 from OpenBSD CVS.
+  * Document the non-default options we set as standard in ssh_config(5) and
+    sshd_config(5) (closes: #327886, #345628).
 -- Colin Watson <cjwatson@debian.org>  Sun, 23 Dec 2007 12:53:46 +0000
diff --git a/ssh_config.5 b/ssh_config.5
index 585a36878..b048a54f5 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -72,6 +72,22 @@ Since the first obtained value for each parameter is used, more
 host-specific declarations should be given near the beginning of the
 file, and general defaults at the end.
 .Pp
+Note that the Debian
+.Ic openssh-client
+package sets several options as standard in
+.Pa /etc/ssh/ssh_config
+which are not the default in
+.Xr ssh 1 :
+.Pp
+.Bl -bullet -offset indent -compact
+.It
+.Cm SendEnv No LANG LC_*
+.It
+.Cm HashKnownHosts No yes
+.It
+.Cm GSSAPIAuthentication No yes
+.El
+.Pp
 The configuration file has the following format:
 .Pp
 Empty lines and lines starting with
diff --git a/sshd_config.5 b/sshd_config.5
index 54b757b7f..fab43af42 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -58,6 +58,33 @@ Arguments may optionally be enclosed in double quotes
 .Pq \&"
 in order to represent arguments containing spaces.
 .Pp
+Note that the Debian
+.Ic openssh-server
+package sets several options as standard in
+.Pa /etc/ssh/sshd_config
+which are not the default in
+.Xr sshd 8 .
+The exact list depends on whether the package was installed fresh or
+upgraded from various possible previous versions, but includes at least the
+following:
+.Pp
+.Bl -bullet -offset indent -compact
+.It
+.Cm Protocol No 2
+.It
+.Cm ChallengeResponseAuthentication No no
+.It
+.Cm X11Forwarding No yes
+.It
+.Cm PrintMotd No no
+.It
+.Cm AcceptEnv No LANG LC_*
+.It
+.Cm Subsystem No sftp /usr/lib/openssh/sftp-server
+.It
+.Cm UsePAM No yes
+.El
+.Pp
 The possible
 keywords and their meanings are as follows (note that
 keywords are case-insensitive and arguments are case-sensitive):

diff --git a/debian/changelog b/debian/changelog index 0f313a92f..16d9b2b1b 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -50,6 +50,8 @@ openssh (1:4.7p1-1) UNRELEASED; urgency=low
50	easier.	50	easier.
51	* Remove the hideously old /etc/ssh/primes on upgrade (closes: #123013).	51	* Remove the hideously old /etc/ssh/primes on upgrade (closes: #123013).
52	* Update moduli(5) to revision 1.11 from OpenBSD CVS.	52	* Update moduli(5) to revision 1.11 from OpenBSD CVS.
		53	* Document the non-default options we set as standard in ssh_config(5) and
		54	sshd_config(5) (closes: #327886, #345628).
53		55
54	-- Colin Watson <cjwatson@debian.org> Sun, 23 Dec 2007 12:53:46 +0000	56	-- Colin Watson <cjwatson@debian.org> Sun, 23 Dec 2007 12:53:46 +0000
55		57


diff --git a/ssh_config.5 b/ssh_config.5 index 585a36878..b048a54f5 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -72,6 +72,22 @@ Since the first obtained value for each parameter is used, more
72	host-specific declarations should be given near the beginning of the	72	host-specific declarations should be given near the beginning of the
73	file, and general defaults at the end.	73	file, and general defaults at the end.
74	.Pp	74	.Pp
		75	Note that the Debian
		76	.Ic openssh-client
		77	package sets several options as standard in
		78	.Pa /etc/ssh/ssh_config
		79	which are not the default in
		80	.Xr ssh 1 :
		81	.Pp
		82	.Bl -bullet -offset indent -compact
		83	.It
		84	.Cm SendEnv No LANG LC_*
		85	.It
		86	.Cm HashKnownHosts No yes
		87	.It
		88	.Cm GSSAPIAuthentication No yes
		89	.El
		90	.Pp
75	The configuration file has the following format:	91	The configuration file has the following format:
76	.Pp	92	.Pp
77	Empty lines and lines starting with	93	Empty lines and lines starting with


diff --git a/sshd_config.5 b/sshd_config.5 index 54b757b7f..fab43af42 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -58,6 +58,33 @@ Arguments may optionally be enclosed in double quotes
58	.Pq \&"	58	.Pq \&"
59	in order to represent arguments containing spaces.	59	in order to represent arguments containing spaces.
60	.Pp	60	.Pp
		61	Note that the Debian
		62	.Ic openssh-server
		63	package sets several options as standard in
		64	.Pa /etc/ssh/sshd_config
		65	which are not the default in
		66	.Xr sshd 8 .
		67	The exact list depends on whether the package was installed fresh or
		68	upgraded from various possible previous versions, but includes at least the
		69	following:
		70	.Pp
		71	.Bl -bullet -offset indent -compact
		72	.It
		73	.Cm Protocol No 2
		74	.It
		75	.Cm ChallengeResponseAuthentication No no
		76	.It
		77	.Cm X11Forwarding No yes
		78	.It
		79	.Cm PrintMotd No no
		80	.It
		81	.Cm AcceptEnv No LANG LC_*
		82	.It
		83	.Cm Subsystem No sftp /usr/lib/openssh/sftp-server
		84	.It
		85	.Cm UsePAM No yes
		86	.El
		87	.Pp
61	The possible	88	The possible
62	keywords and their meanings are as follows (note that	89	keywords and their meanings are as follows (note that
63	keywords are case-insensitive and arguments are case-sensitive):	90	keywords are case-insensitive and arguments are case-sensitive):