From 8dcc7c5ef45cf5032dca7a308ffe17d3935e62d5 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sat, 27 Feb 2010 14:05:10 +0000 Subject: Convert to source format 3.0 (quilt). --- debian/patches/debian-config.patch | 124 +++++++++++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 debian/patches/debian-config.patch (limited to 'debian/patches/debian-config.patch') diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch new file mode 100644 index 000000000..5aa0035c8 --- /dev/null +++ b/debian/patches/debian-config.patch @@ -0,0 +1,124 @@ +Index: b/readconf.c +=================================================================== +--- a/readconf.c ++++ b/readconf.c +@@ -1150,7 +1150,7 @@ + if (options->forward_x11 == -1) + options->forward_x11 = 0; + if (options->forward_x11_trusted == -1) +- options->forward_x11_trusted = 0; ++ options->forward_x11_trusted = 1; + if (options->exit_on_forward_failure == -1) + options->exit_on_forward_failure = 0; + if (options->xauth_location == NULL) +Index: b/ssh_config +=================================================================== +--- a/ssh_config ++++ b/ssh_config +@@ -17,9 +17,10 @@ + # list of available options, their meanings and defaults, please see the + # ssh_config(5) man page. + +-# Host * ++Host * + # ForwardAgent no + # ForwardX11 no ++# ForwardX11Trusted yes + # RhostsRSAAuthentication no + # RSAAuthentication yes + # PasswordAuthentication yes +@@ -46,3 +47,7 @@ + # TunnelDevice any:any + # PermitLocalCommand no + # VisualHostKey no ++ SendEnv LANG LC_* ++ HashKnownHosts yes ++ GSSAPIAuthentication yes ++ GSSAPIDelegateCredentials no +Index: b/ssh_config.5 +=================================================================== +--- a/ssh_config.5 ++++ b/ssh_config.5 +@@ -72,6 +72,22 @@ + host-specific declarations should be given near the beginning of the + file, and general defaults at the end. + .Pp ++Note that the Debian ++.Ic openssh-client ++package sets several options as standard in ++.Pa /etc/ssh/ssh_config ++which are not the default in ++.Xr ssh 1 : ++.Pp ++.Bl -bullet -offset indent -compact ++.It ++.Cm SendEnv No LANG LC_* ++.It ++.Cm HashKnownHosts No yes ++.It ++.Cm GSSAPIAuthentication No yes ++.El ++.Pp + The configuration file has the following format: + .Pp + Empty lines and lines starting with +@@ -452,7 +468,8 @@ + Remote clients will be refused access after this time. + .Pp + The default is +-.Dq no . ++.Dq yes ++(Debian-specific). + .Pp + See the X11 SECURITY extension specification for full details on + the restrictions imposed on untrusted clients. +Index: b/sshd_config +=================================================================== +--- a/sshd_config ++++ b/sshd_config +@@ -38,6 +38,7 @@ + # Authentication: + + #LoginGraceTime 2m ++# See /usr/share/doc/openssh-server/README.Debian.gz. + #PermitRootLogin yes + #StrictModes yes + #MaxAuthTries 6 +Index: b/sshd_config.5 +=================================================================== +--- a/sshd_config.5 ++++ b/sshd_config.5 +@@ -58,6 +58,33 @@ + .Pq \&" + in order to represent arguments containing spaces. + .Pp ++Note that the Debian ++.Ic openssh-server ++package sets several options as standard in ++.Pa /etc/ssh/sshd_config ++which are not the default in ++.Xr sshd 8 . ++The exact list depends on whether the package was installed fresh or ++upgraded from various possible previous versions, but includes at least the ++following: ++.Pp ++.Bl -bullet -offset indent -compact ++.It ++.Cm Protocol No 2 ++.It ++.Cm ChallengeResponseAuthentication No no ++.It ++.Cm X11Forwarding No yes ++.It ++.Cm PrintMotd No no ++.It ++.Cm AcceptEnv No LANG LC_* ++.It ++.Cm Subsystem No sftp /usr/lib/openssh/sftp-server ++.It ++.Cm UsePAM No yes ++.El ++.Pp + The possible + keywords and their meanings are as follows (note that + keywords are case-insensitive and arguments are case-sensitive): -- cgit v1.2.3