X-Git-Url: https://git.pld-linux.org/?a=blobdiff_plain;f=openssh-config.patch;h=915d1d76d7b0a04e481446edb7380db2a3ca7597;hb=d6acc60248d6bdbe5e9cfdf18cd926215bf4d0cc;hp=e206e23d3d561155465a849ce9b17854dabca3ae;hpb=7b7580be04c239a974d16f43adbdcf5861bdced0;p=packages%2Fopenssh.git

diff --git a/openssh-config.patch b/openssh-config.patch
index e206e23..915d1d7 100644
--- a/openssh-config.patch
+++ b/openssh-config.patch
@@ -9,29 +9,21 @@
  #StrictModes yes
  #MaxAuthTries 6
  #MaxSessions 10
-@@ -50,10 +51,16 @@
- #IgnoreUserKnownHosts no
- # Don't read the user's ~/.rhosts and ~/.shosts files
- #IgnoreRhosts yes
-+IgnoreRhosts yes
- 
+@@ -50,6 +51,9 @@
  # To disable tunneled clear text passwords, change to no here!
  #PasswordAuthentication yes
  #PermitEmptyPasswords no
-+PasswordAuthentication yes
-+PermitEmptyPasswords no
 +
 +# Allow DSA keys
-+#PubkeyAcceptedKeyTypes +ssh-dss
++## PubkeyAcceptedKeyTypes +ssh-dss
  
  # Change to no to disable s/key passwords
  #ChallengeResponseAuthentication yes
-@@ -66,6 +70,8 @@
+@@ -66,6 +70,7 @@
  # GSSAPI options
  #GSSAPIAuthentication no
  #GSSAPICleanupCredentials yes
 +GSSAPIAuthentication yes
-+GSSAPICleanupCredentials yes
  
  # Set this to 'yes' to enable PAM authentication, account processing, 
  # and session processing. If this is enabled, PAM authentication will 
@@ -73,13 +65,11 @@
  #	X11Forwarding no
 --- openssh-4.6p1/ssh_config~	2006-06-13 05:01:10.000000000 +0200
 +++ openssh-4.6p1/ssh_config	2007-10-13 02:00:16.000000000 +0200
-@@ -20,12 +20,15 @@
+@@ -20,10 +20,13 @@
  # Host *
  #   ForwardAgent no
  #   ForwardX11 no
-+#   ForwardX11Trusted yes
- #   RhostsRSAAuthentication no
- #   RSAAuthentication yes
++#   ForwardX11Trusted no
  #   PasswordAuthentication yes
  #   HostbasedAuthentication no
  #   GSSAPIAuthentication no
@@ -89,24 +79,23 @@
  #   BatchMode no
  #   CheckHostIP yes
  #   AddressFamily any
-@@ -42,3 +45,19 @@
+@@ -42,3 +45,18 @@
  #   VisualHostKey no
  #   ProxyCommand ssh -q -W %h:%p gateway.example.com
  #   RekeyLimit 1G 1h
 +
 +Host *
 +	GSSAPIAuthentication yes
-+	GSSAPIDelegateCredentials no
-+	ForwardAgent no
-+	ForwardX11 no
 +# If this option is set to yes then remote X11 clients will have full access
-+# to the original X11 display. As virtually no X11 client supports the untrusted
-+# mode correctly we set this to yes.
-+	ForwardX11Trusted yes
-+	StrictHostKeyChecking no
++# to the original X11 server. As some X11 clients don't support the untrusted
++# mode correctly, you might consider changing this to 'yes' or using '-Y'.
++#	ForwardX11Trusted no
 +	ServerAliveInterval 60
 +	ServerAliveCountMax 10
 +	TCPKeepAlive no
++	# Allow DSA keys
++#	PubkeyAcceptedKeyTypes +ssh-dss
++#	HostkeyAlgorithms +ssh-dss
 +# Send locale-related environment variables, also pass some GIT vars
 +	SendEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
 +	HashKnownHosts yes