summaryrefslogtreecommitdiff
path: root/debian/patches/debian-config.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/debian-config.patch')
-rw-r--r--debian/patches/debian-config.patch124
1 files changed, 124 insertions, 0 deletions
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
new file mode 100644
index 000000000..5aa0035c8
--- /dev/null
+++ b/debian/patches/debian-config.patch
@@ -0,0 +1,124 @@
1Index: b/readconf.c
2===================================================================
3--- a/readconf.c
4+++ b/readconf.c
5@@ -1150,7 +1150,7 @@
6 if (options->forward_x11 == -1)
7 options->forward_x11 = 0;
8 if (options->forward_x11_trusted == -1)
9- options->forward_x11_trusted = 0;
10+ options->forward_x11_trusted = 1;
11 if (options->exit_on_forward_failure == -1)
12 options->exit_on_forward_failure = 0;
13 if (options->xauth_location == NULL)
14Index: b/ssh_config
15===================================================================
16--- a/ssh_config
17+++ b/ssh_config
18@@ -17,9 +17,10 @@
19 # list of available options, their meanings and defaults, please see the
20 # ssh_config(5) man page.
21
22-# Host *
23+Host *
24 # ForwardAgent no
25 # ForwardX11 no
26+# ForwardX11Trusted yes
27 # RhostsRSAAuthentication no
28 # RSAAuthentication yes
29 # PasswordAuthentication yes
30@@ -46,3 +47,7 @@
31 # TunnelDevice any:any
32 # PermitLocalCommand no
33 # VisualHostKey no
34+ SendEnv LANG LC_*
35+ HashKnownHosts yes
36+ GSSAPIAuthentication yes
37+ GSSAPIDelegateCredentials no
38Index: b/ssh_config.5
39===================================================================
40--- a/ssh_config.5
41+++ b/ssh_config.5
42@@ -72,6 +72,22 @@
43 host-specific declarations should be given near the beginning of the
44 file, and general defaults at the end.
45 .Pp
46+Note that the Debian
47+.Ic openssh-client
48+package sets several options as standard in
49+.Pa /etc/ssh/ssh_config
50+which are not the default in
51+.Xr ssh 1 :
52+.Pp
53+.Bl -bullet -offset indent -compact
54+.It
55+.Cm SendEnv No LANG LC_*
56+.It
57+.Cm HashKnownHosts No yes
58+.It
59+.Cm GSSAPIAuthentication No yes
60+.El
61+.Pp
62 The configuration file has the following format:
63 .Pp
64 Empty lines and lines starting with
65@@ -452,7 +468,8 @@
66 Remote clients will be refused access after this time.
67 .Pp
68 The default is
69-.Dq no .
70+.Dq yes
71+(Debian-specific).
72 .Pp
73 See the X11 SECURITY extension specification for full details on
74 the restrictions imposed on untrusted clients.
75Index: b/sshd_config
76===================================================================
77--- a/sshd_config
78+++ b/sshd_config
79@@ -38,6 +38,7 @@
80 # Authentication:
81
82 #LoginGraceTime 2m
83+# See /usr/share/doc/openssh-server/README.Debian.gz.
84 #PermitRootLogin yes
85 #StrictModes yes
86 #MaxAuthTries 6
87Index: b/sshd_config.5
88===================================================================
89--- a/sshd_config.5
90+++ b/sshd_config.5
91@@ -58,6 +58,33 @@
92 .Pq \&"
93 in order to represent arguments containing spaces.
94 .Pp
95+Note that the Debian
96+.Ic openssh-server
97+package sets several options as standard in
98+.Pa /etc/ssh/sshd_config
99+which are not the default in
100+.Xr sshd 8 .
101+The exact list depends on whether the package was installed fresh or
102+upgraded from various possible previous versions, but includes at least the
103+following:
104+.Pp
105+.Bl -bullet -offset indent -compact
106+.It
107+.Cm Protocol No 2
108+.It
109+.Cm ChallengeResponseAuthentication No no
110+.It
111+.Cm X11Forwarding No yes
112+.It
113+.Cm PrintMotd No no
114+.It
115+.Cm AcceptEnv No LANG LC_*
116+.It
117+.Cm Subsystem No sftp /usr/lib/openssh/sftp-server
118+.It
119+.Cm UsePAM No yes
120+.El
121+.Pp
122 The possible
123 keywords and their meanings are as follows (note that
124 keywords are case-insensitive and arguments are case-sensitive):