]>
Commit | Line | Data |
---|---|---|
1 | --- openssh-4.6p1/sshd_config~ 2007-10-13 01:37:17.000000000 +0200 | |
2 | +++ openssh-4.6p1/sshd_config 2007-10-13 01:47:12.000000000 +0200 | |
3 | @@ -41,7 +41,7 @@ | |
4 | # Authentication: | |
5 | ||
6 | #LoginGraceTime 2m | |
7 | -#PermitRootLogin prohibit-password | |
8 | +PermitRootLogin no | |
9 | #StrictModes yes | |
10 | #MaxAuthTries 6 | |
11 | #MaxSessions 10 | |
12 | @@ -50,6 +51,9 @@ | |
13 | # To disable tunneled clear text passwords, change to no here! | |
14 | #PasswordAuthentication yes | |
15 | #PermitEmptyPasswords no | |
16 | + | |
17 | +# Allow DSA keys | |
18 | +## PubkeyAcceptedKeyTypes +ssh-dss | |
19 | ||
20 | # Change to no to disable s/key passwords | |
21 | #ChallengeResponseAuthentication yes | |
22 | @@ -66,6 +70,7 @@ | |
23 | # GSSAPI options | |
24 | #GSSAPIAuthentication no | |
25 | #GSSAPICleanupCredentials yes | |
26 | +GSSAPIAuthentication yes | |
27 | ||
28 | # Set this to 'yes' to enable PAM authentication, account processing, | |
29 | # and session processing. If this is enabled, PAM authentication will | |
30 | @@ -89,10 +92,12 @@ | |
31 | # If you just want the PAM account and session checks to run without | |
32 | # PAM authentication, then enable this but set PasswordAuthentication | |
33 | # and ChallengeResponseAuthentication to 'no'. | |
34 | -#UsePAM no | |
35 | +UsePAM yes | |
36 | ||
37 | #AllowAgentForwarding yes | |
38 | -#AllowTcpForwarding yes | |
39 | +# Security advisory: | |
40 | +# http://securitytracker.com/alerts/2004/Sep/1011143.html | |
41 | +AllowTcpForwarding no | |
42 | #GatewayPorts no | |
43 | #X11Forwarding no | |
44 | #X11DisplayOffset 10 | |
45 | @@ -106,6 +112,9 @@ | |
46 | # no default banner path | |
47 | #Banner /some/path | |
48 | ||
49 | +# Accept locale-related environment variables, also accept some GIT vars | |
50 | +AcceptEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL | |
51 | + | |
52 | # override default of no subsystems | |
53 | Subsystem sftp /usr/libexec/sftp-server | |
54 | ||
55 | @@ -119,6 +133,10 @@ | |
56 | # override default of no subsystems | |
57 | Subsystem sftp /usr/libexec/sftp-server | |
58 | ||
59 | +# Uncomment this if you want to use .local domain | |
60 | +#Host *.local | |
61 | +# CheckHostIP no | |
62 | + | |
63 | # Example of overriding settings on a per-user basis | |
64 | #Match User anoncvs | |
65 | # X11Forwarding no | |
66 | --- openssh-4.6p1/ssh_config~ 2006-06-13 05:01:10.000000000 +0200 | |
67 | +++ openssh-4.6p1/ssh_config 2007-10-13 02:00:16.000000000 +0200 | |
68 | @@ -20,10 +20,13 @@ | |
69 | # Host * | |
70 | # ForwardAgent no | |
71 | # ForwardX11 no | |
72 | +# ForwardX11Trusted no | |
73 | # PasswordAuthentication yes | |
74 | # HostbasedAuthentication no | |
75 | # GSSAPIAuthentication no | |
76 | # GSSAPIDelegateCredentials no | |
77 | +# GSSAPIKeyExchange no | |
78 | +# GSSAPITrustDNS no | |
79 | # BatchMode no | |
80 | # CheckHostIP yes | |
81 | # AddressFamily any | |
82 | @@ -42,3 +45,18 @@ | |
83 | # VisualHostKey no | |
84 | # ProxyCommand ssh -q -W %h:%p gateway.example.com | |
85 | # RekeyLimit 1G 1h | |
86 | + | |
87 | +Host * | |
88 | + GSSAPIAuthentication yes | |
89 | +# If this option is set to yes then remote X11 clients will have full access | |
90 | +# to the original X11 server. As some X11 clients don't support the untrusted | |
91 | +# mode correctly, you might consider changing this to 'yes' or using '-Y'. | |
92 | +# ForwardX11Trusted no | |
93 | + ServerAliveInterval 60 | |
94 | + ServerAliveCountMax 10 | |
95 | + TCPKeepAlive no | |
96 | + # Allow DSA keys | |
97 | +# PubkeyAcceptedKeyTypes +ssh-dss | |
98 | +# HostkeyAlgorithms +ssh-dss | |
99 | +# Send locale-related environment variables, also pass some GIT vars | |
100 | + SendEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL | |
101 | + HashKnownHosts yes |