1 files changed, 25 insertions, 1 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 96ca7a5df..6d6c59521 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -71,6 +71,29 @@ Since the first obtained value for each parameter is used, more
 host-specific declarations should be given near the beginning of the
 file, and general defaults at the end.
 .Pp
+Note that the Debian
+.Ic openssh-client
+package sets several options as standard in
+.Pa /etc/ssh/ssh_config
+which are not the default in
+.Xr ssh 1 :
+.Pp
+.Bl -bullet -offset indent -compact
+.It
+.Cm Include /etc/ssh/ssh_config.d/*.conf
+.It
+.Cm SendEnv No LANG LC_*
+.It
+.Cm HashKnownHosts No yes
+.It
+.Cm GSSAPIAuthentication No yes
+.El
+.Pp
+.Pa /etc/ssh/ssh_config.d/*.conf
+files are included at the start of the system-wide configuration file, so
+options set there will override those in
+.Pa /etc/ssh/ssh_config.
+.Pp
 The file contains keyword-argument pairs, one per line.
 Lines starting with
 .Ql #
@@ -742,11 +765,12 @@ elapsed.
 .It Cm ForwardX11Trusted
 If this option is set to
 .Cm yes ,
+(the Debian-specific default),
 remote X11 clients will have full access to the original X11 display.
 .Pp
 If this option is set to
 .Cm no
-(the default),
+(the upstream default),
 remote X11 clients will be considered untrusted and prevented
 from stealing or tampering with data belonging to trusted X11
 clients.

diff --git a/ssh_config.5 b/ssh_config.5 index 96ca7a5df..6d6c59521 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -71,6 +71,29 @@ Since the first obtained value for each parameter is used, more
71	host-specific declarations should be given near the beginning of the	71	host-specific declarations should be given near the beginning of the
72	file, and general defaults at the end.	72	file, and general defaults at the end.
73	.Pp	73	.Pp
		74	Note that the Debian
		75	.Ic openssh-client
		76	package sets several options as standard in
		77	.Pa /etc/ssh/ssh_config
		78	which are not the default in
		79	.Xr ssh 1 :
		80	.Pp
		81	.Bl -bullet -offset indent -compact
		82	.It
		83	.Cm Include /etc/ssh/ssh_config.d/*.conf
		84	.It
		85	.Cm SendEnv No LANG LC_*
		86	.It
		87	.Cm HashKnownHosts No yes
		88	.It
		89	.Cm GSSAPIAuthentication No yes
		90	.El
		91	.Pp
		92	.Pa /etc/ssh/ssh_config.d/*.conf
		93	files are included at the start of the system-wide configuration file, so
		94	options set there will override those in
		95	.Pa /etc/ssh/ssh_config.
		96	.Pp
74	The file contains keyword-argument pairs, one per line.	97	The file contains keyword-argument pairs, one per line.
75	Lines starting with	98	Lines starting with
76	.Ql #	99	.Ql #
@@ -742,11 +765,12 @@ elapsed.
742	.It Cm ForwardX11Trusted	765	.It Cm ForwardX11Trusted
743	If this option is set to	766	If this option is set to
744	.Cm yes ,	767	.Cm yes ,
		768	(the Debian-specific default),
745	remote X11 clients will have full access to the original X11 display.	769	remote X11 clients will have full access to the original X11 display.
746	.Pp	770	.Pp
747	If this option is set to	771	If this option is set to
748	.Cm no	772	.Cm no
749	(the default),	773	(the upstream default),
750	remote X11 clients will be considered untrusted and prevented	774	remote X11 clients will be considered untrusted and prevented
751	from stealing or tampering with data belonging to trusted X11	775	from stealing or tampering with data belonging to trusted X11
752	clients.	776	clients.