From 6d0faf6dc76ac8cc73d6f8e478db7c97f7013a2d Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:18 +0000
Subject: Various Debian-specific configuration changes

ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).

ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).

ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.

ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by
default.

Document all of this, along with several sshd defaults set in
debian/openssh-server.postinst.

Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2015-11-29

Patch-Name: debian-config.patch
---
 readconf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'readconf.c')

diff --git a/readconf.c b/readconf.c
index c0ba5a72c..e4e1cbae3 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1749,7 +1749,7 @@ fill_default_options(Options * options)
 	if (options->forward_x11 == -1)
 		options->forward_x11 = 0;
 	if (options->forward_x11_trusted == -1)
-		options->forward_x11_trusted = 0;
+		options->forward_x11_trusted = 1;
 	if (options->forward_x11_timeout == -1)
 		options->forward_x11_timeout = 1200;
 	if (options->exit_on_forward_failure == -1)
-- 
cgit v1.2.3