From c2ef7b500926be2f7d875d63ec72781b50d69294 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:10:18 +0000 Subject: Various Debian-specific configuration changes ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by default. sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside PermitRootLogin default. Document all of this, along with several sshd defaults set in debian/openssh-server.postinst. Author: Russ Allbery Forwarded: not-needed Last-Update: 2015-08-19 Patch-Name: debian-config.patch --- ssh.1 | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'ssh.1') diff --git a/ssh.1 b/ssh.1 index 217886319..e2cce49d3 100644 --- a/ssh.1 +++ b/ssh.1 @@ -670,12 +670,33 @@ option and the directive in .Xr ssh_config 5 for more information. +.Pp +(Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension +restrictions by default, because too many programs currently crash in this +mode. +Set the +.Cm ForwardX11Trusted +option to +.Dq no +to restore the upstream behaviour. +This may change in future depending on client-side improvements.) .It Fl x Disables X11 forwarding. .It Fl Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls. +.Pp +(Debian-specific: This option does nothing in the default configuration: it +is equivalent to +.Dq Cm ForwardX11Trusted No yes , +which is the default as described above. +Set the +.Cm ForwardX11Trusted +option to +.Dq no +to restore the upstream behaviour. +This may change in future depending on client-side improvements.) .It Fl y Send log information using the .Xr syslog 3 -- cgit v1.2.3