1 files changed, 124 insertions, 0 deletions
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
new file mode 100644
index 000000000..5aa0035c8
--- /dev/null
+++ b/debian/patches/debian-config.patch
@@ -0,0 +1,124 @@
+Index: b/readconf.c
+===================================================================
+--- a/readconf.c
+++ b/readconf.c
+@@ -1150,7 +1150,7 @@
+        if (options->forward_x11 == -1)
+                options->forward_x11 = 0;
+        if (options->forward_x11_trusted == -1)
+-               options->forward_x11_trusted = 0;
+               options->forward_x11_trusted = 1;
+        if (options->exit_on_forward_failure == -1)
+                options->exit_on_forward_failure = 0;
+        if (options->xauth_location == NULL)
+Index: b/ssh_config
+===================================================================
+--- a/ssh_config
+++ b/ssh_config
+@@ -17,9 +17,10 @@
+ # list of available options, their meanings and defaults, please see the
+ # ssh_config(5) man page.
+ 
+-# Host *
+Host *
+ #   ForwardAgent no
+ #   ForwardX11 no
+#   ForwardX11Trusted yes
+ #   RhostsRSAAuthentication no
+ #   RSAAuthentication yes
+ #   PasswordAuthentication yes
+@@ -46,3 +47,7 @@
+ #   TunnelDevice any:any
+ #   PermitLocalCommand no
+ #   VisualHostKey no
+    SendEnv LANG LC_*
+    HashKnownHosts yes
+    GSSAPIAuthentication yes
+    GSSAPIDelegateCredentials no
+Index: b/ssh_config.5
+===================================================================
+--- a/ssh_config.5
+++ b/ssh_config.5
+@@ -72,6 +72,22 @@
+ host-specific declarations should be given near the beginning of the
+ file, and general defaults at the end.
+ .Pp
+Note that the Debian
+.Ic openssh-client
+package sets several options as standard in
+.Pa /etc/ssh/ssh_config
+which are not the default in
+.Xr ssh 1 :
+.Pp
+.Bl -bullet -offset indent -compact
+.It
+.Cm SendEnv No LANG LC_*
+.It
+.Cm HashKnownHosts No yes
+.It
+.Cm GSSAPIAuthentication No yes
+.El
+.Pp
+ The configuration file has the following format:
+ .Pp
+ Empty lines and lines starting with
+@@ -452,7 +468,8 @@
+ Remote clients will be refused access after this time.
+ .Pp
+ The default is
+-.Dq no .
+.Dq yes
+(Debian-specific).
+ .Pp
+ See the X11 SECURITY extension specification for full details on
+ the restrictions imposed on untrusted clients.
+Index: b/sshd_config
+===================================================================
+--- a/sshd_config
+++ b/sshd_config
+@@ -38,6 +38,7 @@
+ # Authentication:
+ 
+ #LoginGraceTime 2m
+# See /usr/share/doc/openssh-server/README.Debian.gz.
+ #PermitRootLogin yes
+ #StrictModes yes
+ #MaxAuthTries 6
+Index: b/sshd_config.5
+===================================================================
+--- a/sshd_config.5
+++ b/sshd_config.5
+@@ -58,6 +58,33 @@
+ .Pq \&"
+ in order to represent arguments containing spaces.
+ .Pp
+Note that the Debian
+.Ic openssh-server
+package sets several options as standard in
+.Pa /etc/ssh/sshd_config
+which are not the default in
+.Xr sshd 8 .
+The exact list depends on whether the package was installed fresh or
+upgraded from various possible previous versions, but includes at least the
+following:
+.Pp
+.Bl -bullet -offset indent -compact
+.It
+.Cm Protocol No 2
+.It
+.Cm ChallengeResponseAuthentication No no
+.It
+.Cm X11Forwarding No yes
+.It
+.Cm PrintMotd No no
+.It
+.Cm AcceptEnv No LANG LC_*
+.It
+.Cm Subsystem No sftp /usr/lib/openssh/sftp-server
+.It
+.Cm UsePAM No yes
+.El
+.Pp
+ The possible
+ keywords and their meanings are as follows (note that
+ keywords are case-insensitive and arguments are case-sensitive):

diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch new file mode 100644 index 000000000..5aa0035c8 --- /dev/null +++ b/debian/patches/debian-config.patch
@@ -0,0 +1,124 @@
	1	Index: b/readconf.c
	2	===================================================================
	3	--- a/readconf.c
	4	+++ b/readconf.c
	5	@@ -1150,7 +1150,7 @@
	6	if (options->forward_x11 == -1)
	7	options->forward_x11 = 0;
	8	if (options->forward_x11_trusted == -1)
	9	- options->forward_x11_trusted = 0;
	10	+ options->forward_x11_trusted = 1;
	11	if (options->exit_on_forward_failure == -1)
	12	options->exit_on_forward_failure = 0;
	13	if (options->xauth_location == NULL)
	14	Index: b/ssh_config
	15	===================================================================
	16	--- a/ssh_config
	17	+++ b/ssh_config
	18	@@ -17,9 +17,10 @@
	19	# list of available options, their meanings and defaults, please see the
	20	# ssh_config(5) man page.
	21
	22	-# Host *
	23	+Host *
	24	# ForwardAgent no
	25	# ForwardX11 no
	26	+# ForwardX11Trusted yes
	27	# RhostsRSAAuthentication no
	28	# RSAAuthentication yes
	29	# PasswordAuthentication yes
	30	@@ -46,3 +47,7 @@
	31	# TunnelDevice any:any
	32	# PermitLocalCommand no
	33	# VisualHostKey no
	34	+ SendEnv LANG LC_*
	35	+ HashKnownHosts yes
	36	+ GSSAPIAuthentication yes
	37	+ GSSAPIDelegateCredentials no
	38	Index: b/ssh_config.5
	39	===================================================================
	40	--- a/ssh_config.5
	41	+++ b/ssh_config.5
	42	@@ -72,6 +72,22 @@
	43	host-specific declarations should be given near the beginning of the
	44	file, and general defaults at the end.
	45	.Pp
	46	+Note that the Debian
	47	+.Ic openssh-client
	48	+package sets several options as standard in
	49	+.Pa /etc/ssh/ssh_config
	50	+which are not the default in
	51	+.Xr ssh 1 :
	52	+.Pp
	53	+.Bl -bullet -offset indent -compact
	54	+.It
	55	+.Cm SendEnv No LANG LC_*
	56	+.It
	57	+.Cm HashKnownHosts No yes
	58	+.It
	59	+.Cm GSSAPIAuthentication No yes
	60	+.El
	61	+.Pp
	62	The configuration file has the following format:
	63	.Pp
	64	Empty lines and lines starting with
	65	@@ -452,7 +468,8 @@
	66	Remote clients will be refused access after this time.
	67	.Pp
	68	The default is
	69	-.Dq no .
	70	+.Dq yes
	71	+(Debian-specific).
	72	.Pp
	73	See the X11 SECURITY extension specification for full details on
	74	the restrictions imposed on untrusted clients.
	75	Index: b/sshd_config
	76	===================================================================
	77	--- a/sshd_config
	78	+++ b/sshd_config
	79	@@ -38,6 +38,7 @@
	80	# Authentication:
	81
	82	#LoginGraceTime 2m
	83	+# See /usr/share/doc/openssh-server/README.Debian.gz.
	84	#PermitRootLogin yes
	85	#StrictModes yes
	86	#MaxAuthTries 6
	87	Index: b/sshd_config.5
	88	===================================================================
	89	--- a/sshd_config.5
	90	+++ b/sshd_config.5
	91	@@ -58,6 +58,33 @@
	92	.Pq \&"
	93	in order to represent arguments containing spaces.
	94	.Pp
	95	+Note that the Debian
	96	+.Ic openssh-server
	97	+package sets several options as standard in
	98	+.Pa /etc/ssh/sshd_config
	99	+which are not the default in
	100	+.Xr sshd 8 .
	101	+The exact list depends on whether the package was installed fresh or
	102	+upgraded from various possible previous versions, but includes at least the
	103	+following:
	104	+.Pp
	105	+.Bl -bullet -offset indent -compact
	106	+.It
	107	+.Cm Protocol No 2
	108	+.It
	109	+.Cm ChallengeResponseAuthentication No no
	110	+.It
	111	+.Cm X11Forwarding No yes
	112	+.It
	113	+.Cm PrintMotd No no
	114	+.It
	115	+.Cm AcceptEnv No LANG LC_*
	116	+.It
	117	+.Cm Subsystem No sftp /usr/lib/openssh/sftp-server
	118	+.It
	119	+.Cm UsePAM No yes
	120	+.El
	121	+.Pp
	122	The possible
	123	keywords and their meanings are as follows (note that
	124	keywords are case-insensitive and arguments are case-sensitive):