]>
Commit | Line | Data |
---|---|---|
730d6499 AM |
1 | diff -urNp -x '*.orig' openssh-8.8p1.org/ssh_config openssh-8.8p1/ssh_config |
2 | --- openssh-8.8p1.org/ssh_config 2021-09-26 16:03:19.000000000 +0200 | |
3 | +++ openssh-8.8p1/ssh_config 2021-12-09 20:12:26.796586510 +0100 | |
7ae7664a AM |
4 | @@ -20,10 +20,13 @@ |
5 | # Host * | |
6 | # ForwardAgent no | |
7 | # ForwardX11 no | |
8 | +# ForwardX11Trusted no | |
9 | # PasswordAuthentication yes | |
10 | # HostbasedAuthentication no | |
11 | # GSSAPIAuthentication no | |
12 | # GSSAPIDelegateCredentials no | |
13 | +# GSSAPIKeyExchange no | |
14 | +# GSSAPITrustDNS no | |
15 | # BatchMode no | |
16 | # CheckHostIP yes | |
17 | # AddressFamily any | |
18 | @@ -44,3 +47,18 @@ | |
19 | # ProxyCommand ssh -q -W %h:%p gateway.example.com | |
20 | # RekeyLimit 1G 1h | |
21 | # UserKnownHostsFile ~/.ssh/known_hosts.d/%k | |
22 | + | |
23 | +Host * | |
24 | + GSSAPIAuthentication yes | |
25 | +# If this option is set to yes then remote X11 clients will have full access | |
26 | +# to the original X11 server. As some X11 clients don't support the untrusted | |
27 | +# mode correctly, you might consider changing this to 'yes' or using '-Y'. | |
28 | +# ForwardX11Trusted no | |
29 | + ServerAliveInterval 60 | |
30 | + ServerAliveCountMax 10 | |
31 | + TCPKeepAlive no | |
32 | + # Allow DSA keys | |
33 | +# PubkeyAcceptedKeyTypes +ssh-dss | |
34 | +# HostkeyAlgorithms +ssh-dss | |
35 | +# Send locale-related environment variables, also pass some GIT vars | |
36 | + SendEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL | |
730d6499 AM |
37 | diff -urNp -x '*.orig' openssh-8.8p1.org/sshd_config openssh-8.8p1/sshd_config |
38 | --- openssh-8.8p1.org/sshd_config 2021-09-26 16:03:19.000000000 +0200 | |
39 | +++ openssh-8.8p1/sshd_config 2021-12-09 20:12:26.796586510 +0100 | |
7ae7664a | 40 | @@ -29,7 +29,7 @@ |
4c64cbae | 41 | # Authentication: |
2f55b62d JR |
42 | |
43 | #LoginGraceTime 2m | |
f9d8b6a7 | 44 | -#PermitRootLogin prohibit-password |
2f55b62d JR |
45 | +PermitRootLogin no |
46 | #StrictModes yes | |
47 | #MaxAuthTries 6 | |
4c64cbae | 48 | #MaxSessions 10 |
7ae7664a | 49 | @@ -57,6 +57,9 @@ AuthorizedKeysFile .ssh/authorized_keys |
2f55b62d JR |
50 | #PasswordAuthentication yes |
51 | #PermitEmptyPasswords no | |
7ae7664a | 52 | |
7b7580be | 53 | +# Allow DSA keys |
aeeeb6db | 54 | +## PubkeyAcceptedKeyTypes +ssh-dss |
7ae7664a | 55 | + |
2f55b62d | 56 | # Change to no to disable s/key passwords |
db72af45 | 57 | #KbdInteractiveAuthentication yes |
7ae7664a AM |
58 | |
59 | @@ -69,6 +72,7 @@ AuthorizedKeysFile .ssh/authorized_keys | |
2f55b62d JR |
60 | # GSSAPI options |
61 | #GSSAPIAuthentication no | |
62 | #GSSAPICleanupCredentials yes | |
63 | +GSSAPIAuthentication yes | |
2f55b62d | 64 | |
7ae7664a AM |
65 | # Set this to 'yes' to enable PAM authentication, account processing, |
66 | # and session processing. If this is enabled, PAM authentication will | |
730d6499 | 67 | @@ -79,7 +83,7 @@ AuthorizedKeysFile .ssh/authorized_keys |
fc8529e5 | 68 | # If you just want the PAM account and session checks to run without |
2f55b62d | 69 | # PAM authentication, then enable this but set PasswordAuthentication |
db72af45 | 70 | # and KbdInteractiveAuthentication to 'no'. |
fc8529e5 | 71 | -#UsePAM no |
2f55b62d | 72 | +UsePAM yes |
2f55b62d | 73 | |
fc8529e5 | 74 | #AllowAgentForwarding yes |
730d6499 AM |
75 | #AllowTcpForwarding yes |
76 | @@ -105,9 +109,16 @@ AuthorizedKeysFile .ssh/authorized_keys | |
2f55b62d | 77 | # no default banner path |
7ae7664a | 78 | #Banner none |
2f55b62d | 79 | |
d63b3d02 | 80 | +# Accept locale-related environment variables, also accept some GIT vars |
11890360 | 81 | +AcceptEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL |
2f55b62d JR |
82 | + |
83 | # override default of no subsystems | |
84 | Subsystem sftp /usr/libexec/sftp-server | |
85 | ||
06629a71 ER |
86 | +# Uncomment this if you want to use .local domain |
87 | +#Host *.local | |
88 | +# CheckHostIP no | |
89 | + | |
90 | # Example of overriding settings on a per-user basis | |
91 | #Match User anoncvs | |
92 | # X11Forwarding no |