1 files changed, 25 insertions, 1 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index c6eaa63e7..34dc2d51b 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -71,6 +71,29 @@ Since the first obtained value for each parameter is used, more
 host-specific declarations should be given near the beginning of the
 file, and general defaults at the end.
 .Pp
+Note that the Debian
+.Ic openssh-client
+package sets several options as standard in
+.Pa /etc/ssh/ssh_config
+which are not the default in
+.Xr ssh 1 :
+.Pp
+.Bl -bullet -offset indent -compact
+.It
+.Cm Include /etc/ssh/ssh_config.d/*.conf
+.It
+.Cm SendEnv No LANG LC_*
+.It
+.Cm HashKnownHosts No yes
+.It
+.Cm GSSAPIAuthentication No yes
+.El
+.Pp
+.Pa /etc/ssh/ssh_config.d/*.conf
+files are included at the start of the system-wide configuration file, so
+options set there will override those in
+.Pa /etc/ssh/ssh_config.
+.Pp
 The file contains keyword-argument pairs, one per line.
 Lines starting with
 .Ql #
@@ -729,11 +752,12 @@ elapsed.
 .It Cm ForwardX11Trusted
 If this option is set to
 .Cm yes ,
+(the Debian-specific default),
 remote X11 clients will have full access to the original X11 display.
 .Pp
 If this option is set to
 .Cm no
-(the default),
+(the upstream default),
 remote X11 clients will be considered untrusted and prevented
 from stealing or tampering with data belonging to trusted X11
 clients.

diff --git a/ssh_config.5 b/ssh_config.5 index c6eaa63e7..34dc2d51b 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -71,6 +71,29 @@ Since the first obtained value for each parameter is used, more
71	host-specific declarations should be given near the beginning of the	71	host-specific declarations should be given near the beginning of the
72	file, and general defaults at the end.	72	file, and general defaults at the end.
73	.Pp	73	.Pp
		74	Note that the Debian
		75	.Ic openssh-client
		76	package sets several options as standard in
		77	.Pa /etc/ssh/ssh_config
		78	which are not the default in
		79	.Xr ssh 1 :
		80	.Pp
		81	.Bl -bullet -offset indent -compact
		82	.It
		83	.Cm Include /etc/ssh/ssh_config.d/*.conf
		84	.It
		85	.Cm SendEnv No LANG LC_*
		86	.It
		87	.Cm HashKnownHosts No yes
		88	.It
		89	.Cm GSSAPIAuthentication No yes
		90	.El
		91	.Pp
		92	.Pa /etc/ssh/ssh_config.d/*.conf
		93	files are included at the start of the system-wide configuration file, so
		94	options set there will override those in
		95	.Pa /etc/ssh/ssh_config.
		96	.Pp
74	The file contains keyword-argument pairs, one per line.	97	The file contains keyword-argument pairs, one per line.
75	Lines starting with	98	Lines starting with
76	.Ql #	99	.Ql #
@@ -729,11 +752,12 @@ elapsed.
729	.It Cm ForwardX11Trusted	752	.It Cm ForwardX11Trusted
730	If this option is set to	753	If this option is set to
731	.Cm yes ,	754	.Cm yes ,
		755	(the Debian-specific default),
732	remote X11 clients will have full access to the original X11 display.	756	remote X11 clients will have full access to the original X11 display.
733	.Pp	757	.Pp
734	If this option is set to	758	If this option is set to
735	.Cm no	759	.Cm no
736	(the default),	760	(the upstream default),
737	remote X11 clients will be considered untrusted and prevented	761	remote X11 clients will be considered untrusted and prevented
738	from stealing or tampering with data belonging to trusted X11	762	from stealing or tampering with data belonging to trusted X11
739	clients.	763	clients.