[packages/openssh.git] / openssh-config.patch

--- openssh-4.6p1/sshd_config~	2007-10-13 01:37:17.000000000 +0200
+++ openssh-4.6p1/sshd_config	2007-10-13 01:47:12.000000000 +0200
@@ -41,7 +41,7 @@
 # Authentication:
 
 #LoginGraceTime 2m
-#PermitRootLogin prohibit-password
+PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
@@ -50,6 +51,9 @@
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
+
+# Allow DSA keys
+## PubkeyAcceptedKeyTypes +ssh-dss
 
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
@@ -66,6 +70,7 @@
 # GSSAPI options
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
+GSSAPIAuthentication yes
 
 # Set this to 'yes' to enable PAM authentication, account processing, 
 # and session processing. If this is enabled, PAM authentication will 
@@ -89,10 +92,12 @@
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
-#UsePAM no
+UsePAM yes
 
 #AllowAgentForwarding yes
-#AllowTcpForwarding yes
+# Security advisory:
+# http://securitytracker.com/alerts/2004/Sep/1011143.html
+AllowTcpForwarding no
 #GatewayPorts no
 #X11Forwarding no
 #X11DisplayOffset 10
@@ -106,6 +112,9 @@
 # no default banner path
 #Banner /some/path
 
+# Accept locale-related environment variables, also accept some GIT vars
+AcceptEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
+
 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
 
@@ -119,6 +133,10 @@
 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
 
+# Uncomment this if you want to use .local domain
+#Host *.local
+#	CheckHostIP no
+
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 #	X11Forwarding no
--- openssh-4.6p1/ssh_config~	2006-06-13 05:01:10.000000000 +0200
+++ openssh-4.6p1/ssh_config	2007-10-13 02:00:16.000000000 +0200
@@ -20,10 +20,13 @@
 # Host *
 #   ForwardAgent no
 #   ForwardX11 no
+#   ForwardX11Trusted no
 #   PasswordAuthentication yes
 #   HostbasedAuthentication no
 #   GSSAPIAuthentication no
 #   GSSAPIDelegateCredentials no
+#   GSSAPIKeyExchange no
+#   GSSAPITrustDNS no
 #   BatchMode no
 #   CheckHostIP yes
 #   AddressFamily any
@@ -42,3 +45,18 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
+
+Host *
+	GSSAPIAuthentication yes
+# If this option is set to yes then remote X11 clients will have full access
+# to the original X11 server. As some X11 clients don't support the untrusted
+# mode correctly, you might consider changing this to 'yes' or using '-Y'.
+#	ForwardX11Trusted no
+	ServerAliveInterval 60
+	ServerAliveCountMax 10
+	TCPKeepAlive no
+	# Allow DSA keys
+#	PubkeyAcceptedKeyTypes +ssh-dss
+#	HostkeyAlgorithms +ssh-dss
+# Send locale-related environment variables, also pass some GIT vars
+	SendEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
+	HashKnownHosts yes
Commit	Line	Data
	1	--- openssh-4.6p1/sshd_config~ 2007-10-13 01:37:17.000000000 +0200
	2	+++ openssh-4.6p1/sshd_config 2007-10-13 01:47:12.000000000 +0200
	3	@@ -41,7 +41,7 @@
	4	# Authentication:
	5
	6	#LoginGraceTime 2m
	7	-#PermitRootLogin prohibit-password
	8	+PermitRootLogin no
	9	#StrictModes yes
	10	#MaxAuthTries 6
	11	#MaxSessions 10
	12	@@ -50,6 +51,9 @@
	13	# To disable tunneled clear text passwords, change to no here!
	14	#PasswordAuthentication yes
	15	#PermitEmptyPasswords no
	16	+
	17	+# Allow DSA keys
	18	+## PubkeyAcceptedKeyTypes +ssh-dss
	19
	20	# Change to no to disable s/key passwords
	21	#ChallengeResponseAuthentication yes
	22	@@ -66,6 +70,7 @@
	23	# GSSAPI options
	24	#GSSAPIAuthentication no
	25	#GSSAPICleanupCredentials yes
	26	+GSSAPIAuthentication yes
	27
	28	# Set this to 'yes' to enable PAM authentication, account processing,
	29	# and session processing. If this is enabled, PAM authentication will
	30	@@ -89,10 +92,12 @@
	31	# If you just want the PAM account and session checks to run without
	32	# PAM authentication, then enable this but set PasswordAuthentication
	33	# and ChallengeResponseAuthentication to 'no'.
	34	-#UsePAM no
	35	+UsePAM yes
	36
	37	#AllowAgentForwarding yes
	38	-#AllowTcpForwarding yes
	39	+# Security advisory:
	40	+# http://securitytracker.com/alerts/2004/Sep/1011143.html
	41	+AllowTcpForwarding no
	42	#GatewayPorts no
	43	#X11Forwarding no
	44	#X11DisplayOffset 10
	45	@@ -106,6 +112,9 @@
	46	# no default banner path
	47	#Banner /some/path
	48
	49	+# Accept locale-related environment variables, also accept some GIT vars
	50	+AcceptEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
	51	+
	52	# override default of no subsystems
	53	Subsystem sftp /usr/libexec/sftp-server
	54
	55	@@ -119,6 +133,10 @@
	56	# override default of no subsystems
	57	Subsystem sftp /usr/libexec/sftp-server
	58
	59	+# Uncomment this if you want to use .local domain
	60	+#Host *.local
	61	+# CheckHostIP no
	62	+
	63	# Example of overriding settings on a per-user basis
	64	#Match User anoncvs
	65	# X11Forwarding no
	66	--- openssh-4.6p1/ssh_config~ 2006-06-13 05:01:10.000000000 +0200
	67	+++ openssh-4.6p1/ssh_config 2007-10-13 02:00:16.000000000 +0200
	68	@@ -20,10 +20,13 @@
	69	# Host *
	70	# ForwardAgent no
	71	# ForwardX11 no
	72	+# ForwardX11Trusted no
	73	# PasswordAuthentication yes
	74	# HostbasedAuthentication no
	75	# GSSAPIAuthentication no
	76	# GSSAPIDelegateCredentials no
	77	+# GSSAPIKeyExchange no
	78	+# GSSAPITrustDNS no
	79	# BatchMode no
	80	# CheckHostIP yes
	81	# AddressFamily any
	82	@@ -42,3 +45,18 @@
	83	# VisualHostKey no
	84	# ProxyCommand ssh -q -W %h:%p gateway.example.com
	85	# RekeyLimit 1G 1h
	86	+
	87	+Host *
	88	+ GSSAPIAuthentication yes
	89	+# If this option is set to yes then remote X11 clients will have full access
	90	+# to the original X11 server. As some X11 clients don't support the untrusted
	91	+# mode correctly, you might consider changing this to 'yes' or using '-Y'.
	92	+# ForwardX11Trusted no
	93	+ ServerAliveInterval 60
	94	+ ServerAliveCountMax 10
	95	+ TCPKeepAlive no
	96	+ # Allow DSA keys
	97	+# PubkeyAcceptedKeyTypes +ssh-dss
	98	+# HostkeyAlgorithms +ssh-dss
	99	+# Send locale-related environment variables, also pass some GIT vars
	100	+ SendEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
	101	+ HashKnownHosts yes