path: root/debian/patches/debian-config.patch
Diffstat (limited to 'debian/patches/debian-config.patch')
-rw-r--r-- debian/patches/debian-config.patch 67
1 files changed, 48 insertions, 19 deletions
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index e5c690915..35c71b0e9 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
1From cc80ecc65d57a9e68ce84d67bcfece281ffa0e9f Mon Sep 17 00:00:00 2001 1From 8086961f9f4ad834e9c3b09b6e2c80273be1c506 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 9 Feb 2014 16:10:18 +0000 3Date: Sun, 9 Feb 2014 16:10:18 +0000
4Subject: Various Debian-specific configuration changes 4Subject: Various Debian-specific configuration changes
@@ -13,6 +13,8 @@ worms.
13 13
14ssh: Enable GSSAPIAuthentication by default. 14ssh: Enable GSSAPIAuthentication by default.
15 15
16ssh: Include /etc/ssh/ssh_config.d/*.conf.
17
16sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable 18sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable
17PrintMotd. 19PrintMotd.
18 20
@@ -22,21 +24,23 @@ sshd: Set 'AcceptEnv LANG LC_*' by default.
22 24
23sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server. 25sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server.
24 26
27sshd: Include /etc/ssh/sshd_config.d/*.conf.
28
25Document all of this. 29Document all of this.
26 30
27Author: Russ Allbery <rra@debian.org> 31Author: Russ Allbery <rra@debian.org>
28Forwarded: not-needed 32Forwarded: not-needed
29Last-Update: 2020-02-19 33Last-Update: 2020-02-21
30 34
31Patch-Name: debian-config.patch 35Patch-Name: debian-config.patch
32--- 36---
33 readconf.c | 2 +- 37 readconf.c | 2 +-
34 ssh.1 | 24 ++++++++++++++++++++++++ 38 ssh.1 | 24 ++++++++++++++++++++++++
35 ssh_config | 6 +++++- 39 ssh_config | 8 +++++++-
36 ssh_config.5 | 19 ++++++++++++++++++- 40 ssh_config.5 | 26 +++++++++++++++++++++++++-
37 sshd_config | 16 ++++++++++------ 41 sshd_config | 18 ++++++++++++------
38 sshd_config.5 | 22 ++++++++++++++++++++++ 42 sshd_config.5 | 29 +++++++++++++++++++++++++++++
39 6 files changed, 80 insertions(+), 9 deletions(-) 43 6 files changed, 98 insertions(+), 9 deletions(-)
40 44
41diff --git a/readconf.c b/readconf.c 45diff --git a/readconf.c b/readconf.c
42index 7f251dd4a..e82024678 100644 46index 7f251dd4a..e82024678 100644
@@ -94,14 +98,16 @@ index b33a8049f..a8967c2f8 100644
94 Send log information using the 98 Send log information using the
95 .Xr syslog 3 99 .Xr syslog 3
96diff --git a/ssh_config b/ssh_config 100diff --git a/ssh_config b/ssh_config
97index 1ff999b68..6dd6ecf87 100644 101index 1ff999b68..8a55237b9 100644
98--- a/ssh_config 102--- a/ssh_config
99+++ b/ssh_config 103+++ b/ssh_config
100@@ -17,9 +17,10 @@ 104@@ -17,9 +17,12 @@
101 # list of available options, their meanings and defaults, please see the 105 # list of available options, their meanings and defaults, please see the
102 # ssh_config(5) man page. 106 # ssh_config(5) man page.
103 107
104-# Host * 108-# Host *
109+Include /etc/ssh/ssh_config.d/*.conf
110+
105+Host * 111+Host *
106 # ForwardAgent no 112 # ForwardAgent no
107 # ForwardX11 no 113 # ForwardX11 no
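Review bot: the Include added at new line 109 of the ssh_config hunk goes into the shipped file with no comment, although its position ahead of "Host *" is what decides precedence. Because the first obtained value for each parameter is used (as the ssh_config.5 context in this patch states), anything in /etc/ssh/ssh_config.d/*.conf wins over the HashKnownHosts and GSSAPIAuthentication defaults set in the "Host *" block. A one-line comment above the Include saying that drop-ins are read first and take precedence would save users from editing the block below and seeing no effect.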
@@ -109,7 +115,7 @@ index 1ff999b68..6dd6ecf87 100644
109 # PasswordAuthentication yes 115 # PasswordAuthentication yes
110 # HostbasedAuthentication no 116 # HostbasedAuthentication no
111 # GSSAPIAuthentication no 117 # GSSAPIAuthentication no
112@@ -45,3 +46,6 @@ 118@@ -45,3 +48,6 @@
113 # VisualHostKey no 119 # VisualHostKey no
114 # ProxyCommand ssh -q -W %h:%p gateway.example.com 120 # ProxyCommand ssh -q -W %h:%p gateway.example.com
115 # RekeyLimit 1G 1h 121 # RekeyLimit 1G 1h
@@ -117,10 +123,10 @@ index 1ff999b68..6dd6ecf87 100644
117+ HashKnownHosts yes 123+ HashKnownHosts yes
118+ GSSAPIAuthentication yes 124+ GSSAPIAuthentication yes
119diff --git a/ssh_config.5 b/ssh_config.5 125diff --git a/ssh_config.5 b/ssh_config.5
120index c6eaa63e7..5c90d3e02 100644 126index c6eaa63e7..34dc2d51b 100644
121--- a/ssh_config.5 127--- a/ssh_config.5
122+++ b/ssh_config.5 128+++ b/ssh_config.5
123@@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more 129@@ -71,6 +71,29 @@ Since the first obtained value for each parameter is used, more
124 host-specific declarations should be given near the beginning of the 130 host-specific declarations should be given near the beginning of the
125 file, and general defaults at the end. 131 file, and general defaults at the end.
126 .Pp 132 .Pp
@@ -133,6 +139,8 @@ index c6eaa63e7..5c90d3e02 100644
133+.Pp 139+.Pp
134+.Bl -bullet -offset indent -compact 140+.Bl -bullet -offset indent -compact
135+.It 141+.It
142+.Cm Include /etc/ssh/ssh_config.d/*.conf
143+.It
136+.Cm SendEnv No LANG LC_* 144+.Cm SendEnv No LANG LC_*
137+.It 145+.It
138+.Cm HashKnownHosts No yes 146+.Cm HashKnownHosts No yes
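Review bot: the new bullet at line 142, ".Cm Include /etc/ssh/ssh_config.d/*.conf", leaves out the "No" that the neighbouring bullets use to drop back to normal text after the keyword (".Cm SendEnv No LANG LC_*"), so the path is set in the keyword font along with "Include". Suggest ".Cm Include No /etc/ssh/ssh_config.d/*.conf" for consistency; the matching bullet added to sshd_config.5 has the same form.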
@@ -140,10 +148,15 @@ index c6eaa63e7..5c90d3e02 100644
140+.Cm GSSAPIAuthentication No yes 148+.Cm GSSAPIAuthentication No yes
141+.El 149+.El
142+.Pp 150+.Pp
151+.Pa /etc/ssh/ssh_config.d/*.conf
152+files are included at the start of the system-wide configuration file, so
153+options set there will override those in
154+.Pa /etc/ssh/ssh_config.
155+.Pp
143 The file contains keyword-argument pairs, one per line. 156 The file contains keyword-argument pairs, one per line.
144 Lines starting with 157 Lines starting with
145 .Ql # 158 .Ql #
146@@ -729,11 +745,12 @@ elapsed. 159@@ -729,11 +752,12 @@ elapsed.
147 .It Cm ForwardX11Trusted 160 .It Cm ForwardX11Trusted
148 If this option is set to 161 If this option is set to
149 .Cm yes , 162 .Cm yes ,
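Review bot: ".Pa /etc/ssh/ssh_config." at line 154 has the sentence's full stop attached to the path argument, so mdoc formats it as part of the file name. Pass the punctuation as its own argument, ".Pa /etc/ssh/ssh_config .", so that it is treated as closing punctuation; ".Pa /etc/ssh/sshd_config." in the sshd_config.5 paragraph needs the same change.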
@@ -158,10 +171,19 @@ index c6eaa63e7..5c90d3e02 100644
158 from stealing or tampering with data belonging to trusted X11 171 from stealing or tampering with data belonging to trusted X11
159 clients. 172 clients.
160diff --git a/sshd_config b/sshd_config 173diff --git a/sshd_config b/sshd_config
161index 2c48105f8..ed8272f6d 100644 174index 2c48105f8..459c1b230 100644
162--- a/sshd_config 175--- a/sshd_config
163+++ b/sshd_config 176+++ b/sshd_config
164@@ -57,8 +57,9 @@ AuthorizedKeysFile .ssh/authorized_keys 177@@ -10,6 +10,8 @@
178 # possible, but leave them commented. Uncommented options override the
179 # default value.
180
181+Include /etc/ssh/sshd_config.d/*.conf
182+
183 #Port 22
184 #AddressFamily any
185 #ListenAddress 0.0.0.0
186@@ -57,8 +59,9 @@ AuthorizedKeysFile .ssh/authorized_keys
165 #PasswordAuthentication yes 187 #PasswordAuthentication yes
166 #PermitEmptyPasswords no 188 #PermitEmptyPasswords no
167 189
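Review bot: the Include at new line 181 of sshd_config sits above every other directive and carries no comment, so a file dropped into /etc/ssh/sshd_config.d/ takes precedence over whatever an administrator sets further down, including the authentication settings this file ships. The context just above it only says "Uncommented options override the default value", which no longer tells the whole story. Suggest a short comment above the Include stating that drop-ins are read first and win, with a pointer to "sshd -T" for checking the effective configuration.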
@@ -173,7 +195,7 @@ index 2c48105f8..ed8272f6d 100644
173 195
174 # Kerberos options 196 # Kerberos options
175 #KerberosAuthentication no 197 #KerberosAuthentication no
176@@ -81,16 +82,16 @@ AuthorizedKeysFile .ssh/authorized_keys 198@@ -81,16 +84,16 @@ AuthorizedKeysFile .ssh/authorized_keys
177 # If you just want the PAM account and session checks to run without 199 # If you just want the PAM account and session checks to run without
178 # PAM authentication, then enable this but set PasswordAuthentication 200 # PAM authentication, then enable this but set PasswordAuthentication
179 # and ChallengeResponseAuthentication to 'no'. 201 # and ChallengeResponseAuthentication to 'no'.
@@ -193,7 +215,7 @@ index 2c48105f8..ed8272f6d 100644
193 #PrintLastLog yes 215 #PrintLastLog yes
194 #TCPKeepAlive yes 216 #TCPKeepAlive yes
195 #PermitUserEnvironment no 217 #PermitUserEnvironment no
196@@ -107,8 +108,11 @@ AuthorizedKeysFile .ssh/authorized_keys 218@@ -107,8 +110,11 @@ AuthorizedKeysFile .ssh/authorized_keys
197 # no default banner path 219 # no default banner path
198 #Banner none 220 #Banner none
199 221
@@ -207,10 +229,10 @@ index 2c48105f8..ed8272f6d 100644
207 # Example of overriding settings on a per-user basis 229 # Example of overriding settings on a per-user basis
208 #Match User anoncvs 230 #Match User anoncvs
209diff --git a/sshd_config.5 b/sshd_config.5 231diff --git a/sshd_config.5 b/sshd_config.5
210index 25f4b8117..b8bea2ad7 100644 232index 25f4b8117..e8271be74 100644
211--- a/sshd_config.5 233--- a/sshd_config.5
212+++ b/sshd_config.5 234+++ b/sshd_config.5
213@@ -56,6 +56,28 @@ Arguments may optionally be enclosed in double quotes 235@@ -56,6 +56,35 @@ Arguments may optionally be enclosed in double quotes
214 .Pq \&" 236 .Pq \&"
215 in order to represent arguments containing spaces. 237 in order to represent arguments containing spaces.
216 .Pp 238 .Pp
@@ -223,6 +245,8 @@ index 25f4b8117..b8bea2ad7 100644
223+.Pp 245+.Pp
224+.Bl -bullet -offset indent -compact 246+.Bl -bullet -offset indent -compact
225+.It 247+.It
248+.Cm Include /etc/ssh/sshd_config.d/*.conf
249+.It
226+.Cm ChallengeResponseAuthentication No no 250+.Cm ChallengeResponseAuthentication No no
227+.It 251+.It
228+.Cm X11Forwarding No yes 252+.Cm X11Forwarding No yes
@@ -236,6 +260,11 @@ index 25f4b8117..b8bea2ad7 100644
236+.Cm UsePAM No yes 260+.Cm UsePAM No yes
237+.El 261+.El
238+.Pp 262+.Pp
263+.Pa /etc/ssh/sshd_config.d/*.conf
264+files are included at the start of the configuration file, so options set
265+there will override those in
266+.Pa /etc/ssh/sshd_config.
267+.Pp
239 The possible 268 The possible
240 keywords and their meanings are as follows (note that 269 keywords and their meanings are as follows (note that
241 keywords are case-insensitive and arguments are case-sensitive): 270 keywords are case-insensitive and arguments are case-sensitive):
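Review bot: the paragraph at lines 263-266 says drop-in options override /etc/ssh/sshd_config but does not connect that to the list just above it, so a reader may not realise that the Debian defaults in that list (ChallengeResponseAuthentication no, UsePAM yes and the rest) are among the settings a drop-in replaces. Suggest saying so explicitly, for example "including the defaults listed above", since that is the case someone auditing a host needs to know about.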