- HostkeyAlgorithms - to allow connection with older systems

[packages/openssh.git] / openssh-config.patch

--- openssh-4.6p1/sshd_config~  2007-10-13 01:37:17.000000000 +0200
+++ openssh-4.6p1/sshd_config   2007-10-13 01:47:12.000000000 +0200
@@ -41,7 +41,7 @@
 # Authentication:
 
 #LoginGraceTime 2m
-#PermitRootLogin prohibit-password
+PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
@@ -50,10 +51,16 @@
 #IgnoreUserKnownHosts no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
+IgnoreRhosts yes
 
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
+PasswordAuthentication yes
+PermitEmptyPasswords no
+
+# Allow DSA keys
+PubkeyAcceptedKeyTypes +ssh-dss
 
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
@@ -66,6 +70,8 @@
 # GSSAPI options
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
 
 # Set this to 'yes' to enable PAM authentication, account processing, 
 # and session processing. If this is enabled, PAM authentication will 
@@ -89,10 +92,12 @@
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
-#UsePAM no
+UsePAM yes
 
 #AllowAgentForwarding yes
-#AllowTcpForwarding yes
+# Security advisory:
+# http://securitytracker.com/alerts/2004/Sep/1011143.html
+AllowTcpForwarding no
 #GatewayPorts no
 #X11Forwarding no
 #X11DisplayOffset 10
@@ -106,6 +112,9 @@
 # no default banner path
 #Banner /some/path
 
+# Accept locale-related environment variables, also accept some GIT vars
+AcceptEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
+
 # override default of no subsystems
 Subsystem      sftp    /usr/libexec/sftp-server
 
@@ -119,6 +133,10 @@
 # override default of no subsystems
 Subsystem      sftp    /usr/libexec/sftp-server
 
+# Uncomment this if you want to use .local domain
+#Host *.local
+#      CheckHostIP no
+
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 #      X11Forwarding no
--- openssh-4.6p1/ssh_config~   2006-06-13 05:01:10.000000000 +0200
+++ openssh-4.6p1/ssh_config    2007-10-13 02:00:16.000000000 +0200
@@ -20,12 +20,15 @@
 # Host *
 #   ForwardAgent no
 #   ForwardX11 no
+#   ForwardX11Trusted yes
 #   RhostsRSAAuthentication no
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
 #   HostbasedAuthentication no
 #   GSSAPIAuthentication no
 #   GSSAPIDelegateCredentials no
+#   GSSAPIKeyExchange no
+#   GSSAPITrustDNS no
 #   BatchMode no
 #   CheckHostIP yes
 #   AddressFamily any
@@ -42,3 +45,21 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
+
+Host *
+       GSSAPIAuthentication yes
+       GSSAPIDelegateCredentials no
+       ForwardAgent no
+       ForwardX11 no
+# If this option is set to yes then remote X11 clients will have full access
+# to the original X11 display. As virtually no X11 client supports the untrusted
+# mode correctly we set this to yes.
+       ForwardX11Trusted yes
+       StrictHostKeyChecking no
+       ServerAliveInterval 60
+       ServerAliveCountMax 10
+       TCPKeepAlive no
+       # Allow DSA keys
+#      PubkeyAcceptedKeyTypes +ssh-dss
+#      HostkeyAlgorithms +ssh-dss
+# Send locale-related environment variables, also pass some GIT vars
+       SendEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
+       HashKnownHosts yes