[packages/openssh.git] / openssh-config.patch

--- openssh-4.6p1/sshd_config~	2007-10-13 01:37:17.000000000 +0200
+++ openssh-4.6p1/sshd_config	2007-10-13 01:47:12.000000000 +0200
@@ -11,6 +11,7 @@
 # default value.
 
 #Port 22
+Protocol 2
 #Protocol 2,1
 #AddressFamily any
 #ListenAddress 0.0.0.0
@@ -34,6 +35,7 @@
 
 #LoginGraceTime 2m
 #PermitRootLogin yes
+PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6
 
@@ -50,10 +51,13 @@
 #IgnoreUserKnownHosts no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
+IgnoreRhosts yes
 
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
+PasswordAuthentication yes
+PermitEmptyPasswords no
 
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
@@ -66,6 +67,8 @@
 # GSSAPI options
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
 
 # Set this to 'yes' to enable PAM authentication, account processing, 
 # and session processing. If this is enabled, PAM authentication will 
@@ -78,8 +79,16 @@
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 #UsePAM no
+UsePAM yes
+
+# Set this to 'yes' to enable support for chrooted user environment.
+# You must create such environment before you can use this feature. 
+#UseChroot yes
 
 #AllowTcpForwarding yes
+# Security advisory:
+# http://securitytracker.com/alerts/2004/Sep/1011143.html
+AllowTcpForwarding no
 #GatewayPorts no
 #X11Forwarding no
 #X11DisplayOffset 10
@@ -106,6 +109,9 @@
 # no default banner path
 #Banner /some/path
 
+# Accept locale-related environment variables
+AcceptEnv LANG LC_* 
+
 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
 
--- openssh-4.6p1/ssh_config~	2006-06-13 05:01:10.000000000 +0200
+++ openssh-4.6p1/ssh_config	2007-10-13 02:00:16.000000000 +0200
@@ -20,12 +20,15 @@
 # Host *
 #   ForwardAgent no
 #   ForwardX11 no
+#   ForwardX11Trusted yes
 #   RhostsRSAAuthentication no
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
 #   HostbasedAuthentication no
 #   GSSAPIAuthentication no
 #   GSSAPIDelegateCredentials no
+#   GSSAPIKeyExchange no
+#   GSSAPITrustDNS no
 #   BatchMode no
 #   CheckHostIP yes
 #   AddressFamily any
@@ -42,3 +45,19 @@
 #   Tunnel no
 #   TunnelDevice any:any
 #   PermitLocalCommand no
+
+Host *
+	GSSAPIAuthentication yes
+	GSSAPIDelegateCredentials no
+	ForwardAgent no
+	ForwardX11 no
+# If this option is set to yes then remote X11 clients will have full access
+# to the original X11 display. As virtually no X11 client supports the untrusted
+# mode correctly we set this to yes.
+	ForwardX11Trusted yes
+	StrictHostKeyChecking no
+	ServerAliveInterval 60
+	ServerAliveCountMax 10
+	TCPKeepAlive no
+# Send locale-related environment variables
+	SendEnv LANG LC_*
Commit	Line	Data
2f55b62d JR	1	--- openssh-4.6p1/sshd_config~ 2007-10-13 01:37:17.000000000 +0200
	2	+++ openssh-4.6p1/sshd_config 2007-10-13 01:47:12.000000000 +0200
	3	@@ -11,6 +11,7 @@
	4	# default value.
	5
	6	#Port 22
	7	+Protocol 2
	8	#Protocol 2,1
	9	#AddressFamily any
	10	#ListenAddress 0.0.0.0
	11	@@ -34,6 +35,7 @@
	12
	13	#LoginGraceTime 2m
	14	#PermitRootLogin yes
	15	+PermitRootLogin no
	16	#StrictModes yes
	17	#MaxAuthTries 6
	18
	19	@@ -50,10 +51,13 @@
	20	#IgnoreUserKnownHosts no
	21	# Don't read the user's ~/.rhosts and ~/.shosts files
	22	#IgnoreRhosts yes
	23	+IgnoreRhosts yes
	24
	25	# To disable tunneled clear text passwords, change to no here!
	26	#PasswordAuthentication yes
	27	#PermitEmptyPasswords no
	28	+PasswordAuthentication yes
	29	+PermitEmptyPasswords no
	30
	31	# Change to no to disable s/key passwords
	32	#ChallengeResponseAuthentication yes
	33	@@ -66,6 +67,8 @@
	34	# GSSAPI options
	35	#GSSAPIAuthentication no
	36	#GSSAPICleanupCredentials yes
	37	+GSSAPIAuthentication yes
	38	+GSSAPICleanupCredentials yes
	39
	40	# Set this to 'yes' to enable PAM authentication, account processing,
	41	# and session processing. If this is enabled, PAM authentication will
	42	@@ -78,8 +79,16 @@
	43	# PAM authentication, then enable this but set PasswordAuthentication
	44	# and ChallengeResponseAuthentication to 'no'.
	45	#UsePAM no
	46	+UsePAM yes
	47	+
	48	+# Set this to 'yes' to enable support for chrooted user environment.
	49	+# You must create such environment before you can use this feature.
	50	+#UseChroot yes
	51
	52	#AllowTcpForwarding yes
	53	+# Security advisory:
	54	+# http://securitytracker.com/alerts/2004/Sep/1011143.html
	55	+AllowTcpForwarding no
	56	#GatewayPorts no
	57	#X11Forwarding no
	58	#X11DisplayOffset 10
	59	@@ -106,6 +109,9 @@
	60	# no default banner path
	61	#Banner /some/path
	62
	63	+# Accept locale-related environment variables
	64	+AcceptEnv LANG LC_*
65	+
66	# override default of no subsystems
67	Subsystem sftp /usr/libexec/sftp-server
68
69	--- openssh-4.6p1/ssh_config~ 2006-06-13 05:01:10.000000000 +0200
70	+++ openssh-4.6p1/ssh_config 2007-10-13 02:00:16.000000000 +0200
71	@@ -20,12 +20,15 @@
72	# Host *
73	# ForwardAgent no
74	# ForwardX11 no
75	+# ForwardX11Trusted yes
76	# RhostsRSAAuthentication no
77	# RSAAuthentication yes
78	# PasswordAuthentication yes
79	# HostbasedAuthentication no
80	# GSSAPIAuthentication no
81	# GSSAPIDelegateCredentials no
82	+# GSSAPIKeyExchange no
83	+# GSSAPITrustDNS no
84	# BatchMode no
85	# CheckHostIP yes
86	# AddressFamily any
87	@@ -42,3 +45,19 @@
88	# Tunnel no
89	# TunnelDevice any:any
90	# PermitLocalCommand no
91	+
92	+Host *
93	+ GSSAPIAuthentication yes
94	+ GSSAPIDelegateCredentials no
95	+ ForwardAgent no
96	+ ForwardX11 no
97	+# If this option is set to yes then remote X11 clients will have full access
98	+# to the original X11 display. As virtually no X11 client supports the untrusted
99	+# mode correctly we set this to yes.
100	+ ForwardX11Trusted yes
101	+ StrictHostKeyChecking no
102	+ ServerAliveInterval 60
103	+ ServerAliveCountMax 10
104	+ TCPKeepAlive no
105	+# Send locale-related environment variables
106	+ SendEnv LANG LC_*