projects / packages / openssh.git / blame
| Commit | Line | Data |
|---|---|---|
| 2f55b62d JR |
1 | --- openssh-4.6p1/sshd_config~ 2007-10-13 01:37:17.000000000 +0200 |
| 2 | +++ openssh-4.6p1/sshd_config 2007-10-13 01:47:12.000000000 +0200 | |
| 2f55b62d JR |
3 | @@ -34,6 +35,7 @@ |
| 4 | ||
| 5 | #LoginGraceTime 2m | |
| 6 | #PermitRootLogin yes | |
| 7 | +PermitRootLogin no | |
| 8 | #StrictModes yes | |
| 9 | #MaxAuthTries 6 | |
| 10 | ||
| 11 | @@ -50,10 +51,13 @@ | |
| 12 | #IgnoreUserKnownHosts no | |
| 13 | # Don't read the user's ~/.rhosts and ~/.shosts files | |
| 14 | #IgnoreRhosts yes | |
| 15 | +IgnoreRhosts yes | |
| 16 | ||
| 17 | # To disable tunneled clear text passwords, change to no here! | |
| 18 | #PasswordAuthentication yes | |
| 19 | #PermitEmptyPasswords no | |
| 20 | +PasswordAuthentication yes | |
| 21 | +PermitEmptyPasswords no | |
| 22 | ||
| 23 | # Change to no to disable s/key passwords | |
| 24 | #ChallengeResponseAuthentication yes | |
| 25 | @@ -66,6 +67,8 @@ | |
| 26 | # GSSAPI options | |
| 27 | #GSSAPIAuthentication no | |
| 28 | #GSSAPICleanupCredentials yes | |
| 29 | +GSSAPIAuthentication yes | |
| 30 | +GSSAPICleanupCredentials yes | |
| 31 | ||
| 32 | # Set this to 'yes' to enable PAM authentication, account processing, | |
| 33 | # and session processing. If this is enabled, PAM authentication will | |
| fc8529e5 AM |
34 | @@ -89,10 +89,12 @@ |
| 35 | # If you just want the PAM account and session checks to run without | |
| 2f55b62d JR |
36 | # PAM authentication, then enable this but set PasswordAuthentication |
| 37 | # and ChallengeResponseAuthentication to 'no'. | |
| fc8529e5 | 38 | -#UsePAM no |
| 2f55b62d | 39 | +UsePAM yes |
| 2f55b62d | 40 | |
| fc8529e5 AM |
41 | #AllowAgentForwarding yes |
| 42 | -#AllowTcpForwarding yes | |
| 2f55b62d JR |
43 | +# Security advisory: |
| 44 | +# http://securitytracker.com/alerts/2004/Sep/1011143.html | |
| 45 | +AllowTcpForwarding no | |
| 46 | #GatewayPorts no | |
| 47 | #X11Forwarding no | |
| 48 | #X11DisplayOffset 10 | |
| 49 | @@ -106,6 +109,9 @@ | |
| 50 | # no default banner path | |
| 51 | #Banner /some/path | |
| 52 | ||
| 3a147655 ER |
53 | +# Accept locale-related environment variables, also accept GIT vars |
| 54 | +AcceptEnv LANG LC_* LANGUAGE TZ GIT_* | |
| 2f55b62d JR |
55 | + |
| 56 | # override default of no subsystems | |
| 57 | Subsystem sftp /usr/libexec/sftp-server | |
| 58 | ||
| 59 | --- openssh-4.6p1/ssh_config~ 2006-06-13 05:01:10.000000000 +0200 | |
| 60 | +++ openssh-4.6p1/ssh_config 2007-10-13 02:00:16.000000000 +0200 | |
| 61 | @@ -20,12 +20,15 @@ | |
| 62 | # Host * | |
| 63 | # ForwardAgent no | |
| 64 | # ForwardX11 no | |
| 65 | +# ForwardX11Trusted yes | |
| 66 | # RhostsRSAAuthentication no | |
| 67 | # RSAAuthentication yes | |
| 68 | # PasswordAuthentication yes | |
| 69 | # HostbasedAuthentication no | |
| 70 | # GSSAPIAuthentication no | |
| 71 | # GSSAPIDelegateCredentials no | |
| 72 | +# GSSAPIKeyExchange no | |
| 73 | +# GSSAPITrustDNS no | |
| 74 | # BatchMode no | |
| 75 | # CheckHostIP yes | |
| 76 | # AddressFamily any | |
| 77 | @@ -42,3 +45,19 @@ | |
| 2f55b62d | 78 | # PermitLocalCommand no |
| cf9d1078 | 79 | # VisualHostKey no |
| 08811ee8 | 80 | # ProxyCommand ssh -q -W %h:%p gateway.example.com |
| 2f55b62d JR |
81 | + |
| 82 | +Host * | |
| 83 | + GSSAPIAuthentication yes | |
| 84 | + GSSAPIDelegateCredentials no | |
| 85 | + ForwardAgent no | |
| 86 | + ForwardX11 no | |
| 87 | +# If this option is set to yes then remote X11 clients will have full access | |
| 88 | +# to the original X11 display. As virtually no X11 client supports the untrusted | |
| 89 | +# mode correctly we set this to yes. | |
| 90 | + ForwardX11Trusted yes | |
| 91 | + StrictHostKeyChecking no | |
| 92 | + ServerAliveInterval 60 | |
| 93 | + ServerAliveCountMax 10 | |
| 94 | + TCPKeepAlive no | |
| 3a147655 ER |
95 | +# Send locale-related environment variables, also pass GIT vars |
| 96 | + SendEnv LANG LC_* LANGUAGE TZ GIT_* | |
| 3e8be83d | 97 | + HashKnownHosts yes |