diff options
Diffstat (limited to 'debian/README.Debian')
-rw-r--r-- | debian/README.Debian | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian index 614dd08f6..13d005ac0 100644 --- a/debian/README.Debian +++ b/debian/README.Debian | |||
@@ -171,6 +171,39 @@ ssh is compiled without support for kerberos authentication, and there are | |||
171 | no current plans to support this. Thus the KerberosAuthentication and | 171 | no current plans to support this. Thus the KerberosAuthentication and |
172 | KerberosTgtPassing options will not be recognised. | 172 | KerberosTgtPassing options will not be recognised. |
173 | 173 | ||
174 | Setgid ssh-agent and environment variables: | ||
175 | ------------------------------------------- | ||
176 | ssh-agent is installed setgid as of version 1:3.5p1-1 to prevent ptrace() | ||
177 | attacks retrieving private key material. This has the side-effect of causing | ||
178 | glibc to remove certain environment variables which might have security | ||
179 | implications for set-id programs, including LD_PRELOAD, LD_LIBRARY_PATH, and | ||
180 | TMPDIR. | ||
181 | |||
182 | If you need to set any of these environment variables, you will need to do | ||
183 | so in the program exec()ed by ssh-agent. This may involve creating a small | ||
184 | wrapper script. | ||
185 | |||
186 | Symlink Hostname invocation: | ||
187 | ---------------------------- | ||
188 | This version of ssh no longer includes support for invoking ssh with the | ||
189 | hostname as the name of the file run. People wanting this support should | ||
190 | use the ssh-argv0 script. | ||
191 | |||
192 | Interoperability between scp and the ssh.com SSH server: | ||
193 | -------------------------------------------------------- | ||
194 | In version 2 and greater of the commercial SSH server produced by SSH | ||
195 | Communications Security, scp was changed to use SFTP (SSH2's file transfer | ||
196 | protocol) instead of the traditional rcp-over-ssh, thereby breaking | ||
197 | compatibility. The OpenSSH developers regard this as a bug in the ssh.com | ||
198 | server, and do not currently intend to change OpenSSH's scp to match. | ||
199 | |||
200 | Workarounds for this problem are to install scp1 on the server (scp2 will | ||
201 | fall back to it), to use sftp, or to use some other transfer mechanism such | ||
202 | as rsync-over-ssh or tar-over-ssh. | ||
203 | |||
174 | -- | 204 | -- |
175 | Matthew Vernon | 205 | Matthew Vernon |
176 | <matthew@debian.org> | 206 | <matthew@debian.org> |
207 | and | ||
208 | Colin Watson | ||
209 | <cjwatson@debian.org> | ||