- openssl-1.0.2o rebuild

[packages/openssh.git] / openssh-config.patch

diff --git a/openssh-config.patch b/openssh-config.patch
index e206e23d3d561155465a849ce9b17854dabca3ae..915d1d76d7b0a04e481446edb7380db2a3ca7597 100644 (file)
--- a/openssh-config.patch
+++ b/openssh-config.patch
@@ -9,29 +9,21 @@
  #StrictModes yes
  #MaxAuthTries 6
  #MaxSessions 10
-@@ -50,10 +51,16 @@
- #IgnoreUserKnownHosts no
- # Don't read the user's ~/.rhosts and ~/.shosts files
- #IgnoreRhosts yes
-+IgnoreRhosts yes
- 
+@@ -50,6 +51,9 @@
  # To disable tunneled clear text passwords, change to no here!
  #PasswordAuthentication yes
  #PermitEmptyPasswords no
-+PasswordAuthentication yes
-+PermitEmptyPasswords no
 +
 +# Allow DSA keys
-+#PubkeyAcceptedKeyTypes +ssh-dss
++## PubkeyAcceptedKeyTypes +ssh-dss
  
  # Change to no to disable s/key passwords
  #ChallengeResponseAuthentication yes
-@@ -66,6 +70,8 @@
+@@ -66,6 +70,7 @@
  # GSSAPI options
  #GSSAPIAuthentication no
  #GSSAPICleanupCredentials yes
 +GSSAPIAuthentication yes
-+GSSAPICleanupCredentials yes
  
  # Set this to 'yes' to enable PAM authentication, account processing, 
  # and session processing. If this is enabled, PAM authentication will 
@@ -73,13 +65,11 @@
  #     X11Forwarding no
 --- openssh-4.6p1/ssh_config~  2006-06-13 05:01:10.000000000 +0200
 +++ openssh-4.6p1/ssh_config   2007-10-13 02:00:16.000000000 +0200
-@@ -20,12 +20,15 @@
+@@ -20,10 +20,13 @@
  # Host *
  #   ForwardAgent no
  #   ForwardX11 no
-+#   ForwardX11Trusted yes
- #   RhostsRSAAuthentication no
- #   RSAAuthentication yes
++#   ForwardX11Trusted no
  #   PasswordAuthentication yes
  #   HostbasedAuthentication no
  #   GSSAPIAuthentication no
@@ -89,24 +79,23 @@
  #   BatchMode no
  #   CheckHostIP yes
  #   AddressFamily any
-@@ -42,3 +45,19 @@
+@@ -42,3 +45,18 @@
  #   VisualHostKey no
  #   ProxyCommand ssh -q -W %h:%p gateway.example.com
  #   RekeyLimit 1G 1h
 +
 +Host *
 +      GSSAPIAuthentication yes
-+      GSSAPIDelegateCredentials no
-+      ForwardAgent no
-+      ForwardX11 no
 +# If this option is set to yes then remote X11 clients will have full access
-+# to the original X11 display. As virtually no X11 client supports the untrusted
-+# mode correctly we set this to yes.
-+      ForwardX11Trusted yes
-+      StrictHostKeyChecking no
++# to the original X11 server. As some X11 clients don't support the untrusted
++# mode correctly, you might consider changing this to 'yes' or using '-Y'.
++#     ForwardX11Trusted no
 +      ServerAliveInterval 60
 +      ServerAliveCountMax 10
 +      TCPKeepAlive no
++      # Allow DSA keys
++#     PubkeyAcceptedKeyTypes +ssh-dss
++#     HostkeyAlgorithms +ssh-dss
 +# Send locale-related environment variables, also pass some GIT vars
 +      SendEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
 +      HashKnownHosts yes