Diffstat (limited to 'debian/patches/debian-config.patch')
-rw-r--r--debian/patches/debian-config.patch49
1 files changed, 16 insertions, 33 deletions
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index dd33c00a6..aae4e7d34 100644
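--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From 0cce5c4c1de33c4172ce8ebc0f93e717995779f8 Mon Sep 17 00:00:00 2001
+From 6d0faf6dc76ac8cc73d6f8e478db7c97f7013a2d Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:18 +0000
 Subject: Various Debian-specific configuration changes
@@ -14,15 +14,12 @@ worms.
 ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by
 default.
 
-sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside
-PermitRootLogin default.
-
 Document all of this, along with several sshd defaults set in
 debian/openssh-server.postinst.
 
 Author: Russ Allbery <rra@debian.org>
 Forwarded: not-needed
-Last-Update: 2015-08-19
+Last-Update: 2015-11-29
 
 Patch-Name: debian-config.patch
 ---
@@ -30,15 +27,14 @@ Patch-Name: debian-config.patch
  ssh.1 | 21 +++++++++++++++++++++
  ssh_config | 7 ++++++-
  ssh_config.5 | 19 ++++++++++++++++++-
- sshd_config | 3 ++-
  sshd_config.5 | 25 +++++++++++++++++++++++++
- 6 files changed, 73 insertions(+), 4 deletions(-)
+ 5 files changed, 71 insertions(+), 3 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index 5f6c37f..f0769b5 100644
+index c0ba5a7..e4e1cba 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1748,7 +1748,7 @@ fill_default_options(Options * options)
+@@ -1749,7 +1749,7 @@ fill_default_options(Options * options)
  if (options->forward_x11 == -1)
  options->forward_x11 = 0;
  if (options->forward_x11_trusted == -1)
@@ -48,14 +44,13 @@ index 5f6c37f..f0769b5 100644
  options->forward_x11_timeout = 1200;
  if (options->exit_on_forward_failure == -1)
 diff --git a/ssh.1 b/ssh.1
-index 2178863..e2cce49 100644
+index 05b7f10..649d6c3 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -670,12 +670,33 @@ option and the
- directive in
+@@ -755,6 +755,16 @@ directive in
  .Xr ssh_config 5
  for more information.
-+.Pp
+ .Pp
 +(Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension
 +restrictions by default, because too many programs currently crash in this
 +mode.
@@ -65,13 +60,14 @@ index 2178863..e2cce49 100644
 +.Dq no
 +to restore the upstream behaviour.
 +This may change in future depending on client-side improvements.)
++.Pp
  .It Fl x
  Disables X11 forwarding.
- .It Fl Y
- Enables trusted X11 forwarding.
+ .Pp
+@@ -763,6 +773,17 @@ Enables trusted X11 forwarding.
  Trusted X11 forwardings are not subjected to the X11 SECURITY extension
  controls.
-+.Pp
+ .Pp
 +(Debian-specific: This option does nothing in the default configuration: it
 +is equivalent to
 +.Dq Cm ForwardX11Trusted No yes ,
@@ -82,6 +78,7 @@ index 2178863..e2cce49 100644
 +.Dq no
 +to restore the upstream behaviour.
 +This may change in future depending on client-side improvements.)
++.Pp
  .It Fl y
  Send log information using the
  .Xr syslog 3
@@ -110,7 +107,7 @@ index 228e5ab..c9386aa 100644
 + GSSAPIAuthentication yes
 + GSSAPIDelegateCredentials no
 diff --git a/ssh_config.5 b/ssh_config.5
-index f25cedd..9a103f2 100644
+index 5bc04b0..aaa435a 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -74,6 +74,22 @@ Since the first obtained value for each parameter is used, more
@@ -136,7 +133,7 @@ index f25cedd..9a103f2 100644
  The configuration file has the following format:
  .Pp
  Empty lines and lines starting with
-@@ -716,7 +732,8 @@ token used for the session will be set to expire after 20 minutes.
+@@ -721,7 +737,8 @@ token used for the session will be set to expire after 20 minutes.
  Remote clients will be refused access after this time.
  .Pp
  The default is
@@ -146,22 +143,8 @@ index f25cedd..9a103f2 100644
  .Pp
  See the X11 SECURITY extension specification for full details on
  the restrictions imposed on untrusted clients.
-diff --git a/sshd_config b/sshd_config
-index 1dfd0f1..23a338f 100644
---- a/sshd_config
-+++ b/sshd_config
-@@ -41,7 +41,8 @@
- # Authentication:
-
- #LoginGraceTime 2m
--#PermitRootLogin no
-+# See /usr/share/doc/openssh-server/README.Debian.gz.
-+#PermitRootLogin without-password
- #StrictModes yes
- #MaxAuthTries 6
- #MaxSessions 10
 diff --git a/sshd_config.5 b/sshd_config.5
-index 355b445..eb6bff8 100644
+index 7e40a27..92c23bc 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -57,6 +57,31 @@ Arguments may optionally be enclosed in double quotes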
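Review bot: The last hunk (old lines 149–162) drops the whole `sshd_config` section, including the `# See /usr/share/doc/openssh-server/README.Debian.gz.` pointer beside `PermitRootLogin`, and the refreshed header now says nothing about root login, so the patch no longer records why that Debian-specific comment went away. The reason is presumably that the upstream file's own comment is now acceptable, but nothing visible here confirms it. I would add one line to the patch description, for example `sshd: PermitRootLogin comment in sshd_config is no longer patched; the upstream default applies.`, reworded to match the real reason. It is also worth checking that README.Debian and the `sshd_config.5` text this patch still adds do not keep describing `without-password` as a Debian change; the body of that `sshd_config.5` hunk is outside the visible lines, so this is unverified.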