1 diff -urNp -x '*.orig' openssh-8.4p1.org/ssh_config openssh-8.4p1/ssh_config
2 --- openssh-8.4p1.org/ssh_config 2020-09-27 09:25:01.000000000 +0200
3 +++ openssh-8.4p1/ssh_config 2021-03-01 11:30:15.249892693 +0100
8 +# ForwardX11Trusted no
9 # PasswordAuthentication yes
10 # HostbasedAuthentication no
11 # GSSAPIAuthentication no
12 # GSSAPIDelegateCredentials no
13 +# GSSAPIKeyExchange no
19 # ProxyCommand ssh -q -W %h:%p gateway.example.com
21 # UserKnownHostsFile ~/.ssh/known_hosts.d/%k
24 + GSSAPIAuthentication yes
25 +# If this option is set to yes then remote X11 clients will have full access
26 +# to the original X11 server. As some X11 clients don't support the untrusted
27 +# mode correctly, you might consider changing this to 'yes' or using '-Y'.
28 +# ForwardX11Trusted no
29 + ServerAliveInterval 60
30 + ServerAliveCountMax 10
33 +# PubkeyAcceptedKeyTypes +ssh-dss
34 +# HostkeyAlgorithms +ssh-dss
35 +# Send locale-related environment variables, also pass some GIT vars
36 + SendEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
37 diff -urNp -x '*.orig' openssh-8.4p1.org/sshd_config openssh-8.4p1/sshd_config
38 --- openssh-8.4p1.org/sshd_config 2020-09-27 09:25:01.000000000 +0200
39 +++ openssh-8.4p1/sshd_config 2021-03-01 11:30:15.249892693 +0100
44 -#PermitRootLogin prohibit-password
49 @@ -57,6 +57,9 @@ AuthorizedKeysFile .ssh/authorized_keys
50 #PasswordAuthentication yes
51 #PermitEmptyPasswords no
54 +## PubkeyAcceptedKeyTypes +ssh-dss
56 # Change to no to disable s/key passwords
57 #ChallengeResponseAuthentication yes
59 @@ -69,6 +72,7 @@ AuthorizedKeysFile .ssh/authorized_keys
61 #GSSAPIAuthentication no
62 #GSSAPICleanupCredentials yes
63 +GSSAPIAuthentication yes
65 # Set this to 'yes' to enable PAM authentication, account processing,
66 # and session processing. If this is enabled, PAM authentication will
67 @@ -79,10 +83,12 @@ AuthorizedKeysFile .ssh/authorized_keys
68 # If you just want the PAM account and session checks to run without
69 # PAM authentication, then enable this but set PasswordAuthentication
70 # and ChallengeResponseAuthentication to 'no'.
74 #AllowAgentForwarding yes
75 -#AllowTcpForwarding yes
77 +# http://securitytracker.com/alerts/2004/Sep/1011143.html
78 +AllowTcpForwarding no
82 @@ -105,9 +111,16 @@ AuthorizedKeysFile .ssh/authorized_keys
83 # no default banner path
86 +# Accept locale-related environment variables, also accept some GIT vars
87 +AcceptEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
89 # override default of no subsystems
90 Subsystem sftp /usr/libexec/sftp-server
92 +# Uncomment this if you want to use .local domain
96 # Example of overriding settings on a per-user basis