2017-12-17 01:17:56 +10:00
|
|
|
diff -urN openssh-7.6p1/ssh_config openssh-7.6p1-patched/ssh_config
|
|
|
|
|
--- openssh-7.6p1/ssh_config 2017-10-03 05:34:26.000000000 +1000
|
|
|
|
|
+++ openssh-7.6p1-patched/ssh_config 2017-12-17 01:04:35.918244111 +1000
|
2017-07-28 14:28:10 +03:00
|
|
|
@@ -19,7 +19,7 @@
|
|
|
|
|
|
|
|
|
|
# Host *
|
|
|
|
|
# ForwardAgent no
|
|
|
|
|
-# ForwardX11 no
|
|
|
|
|
+ForwardX11 yes
|
|
|
|
|
# PasswordAuthentication yes
|
2017-12-17 01:17:56 +10:00
|
|
|
# HostbasedAuthentication no
|
|
|
|
|
# GSSAPIAuthentication no
|
2018-11-08 12:03:17 +03:00
|
|
|
@@ -44,3 +44,16 @@
|
2017-07-28 14:28:10 +03:00
|
|
|
# VisualHostKey no
|
|
|
|
|
# ProxyCommand ssh -q -W %h:%p gateway.example.com
|
|
|
|
|
# RekeyLimit 1G 1h
|
|
|
|
|
+
|
|
|
|
|
+# If this option is set to yes then remote X11 clients will have full access
|
|
|
|
|
+# to the original X11 display. As virtually no X11 client supports the untrusted
|
|
|
|
|
+# mode correctly we set this to yes.
|
|
|
|
|
+ForwardX11Trusted yes
|
|
|
|
|
+
|
2018-11-08 12:03:17 +03:00
|
|
|
+Host *
|
|
|
|
|
+ GSSAPIAuthentication yes
|
|
|
|
|
+
|
2017-07-28 14:28:10 +03:00
|
|
|
+# Send locale-related environment variables
|
|
|
|
|
+#SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
|
|
|
+#SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
|
|
|
+#SendEnv LC_IDENTIFICATION LC_ALL
|
2017-12-17 01:17:56 +10:00
|
|
|
diff -urN openssh-7.6p1/sshd_config openssh-7.6p1-patched/sshd_config
|
|
|
|
|
--- openssh-7.6p1/sshd_config 2017-10-03 05:34:26.000000000 +1000
|
|
|
|
|
+++ openssh-7.6p1-patched/sshd_config 2017-12-17 01:03:49.008241124 +1000
|
2017-07-28 14:28:10 +03:00
|
|
|
@@ -3,7 +3,7 @@
|
|
|
|
|
# This is the sshd server system-wide configuration file. See
|
|
|
|
|
# sshd_config(5) for more information.
|
|
|
|
|
|
|
|
|
|
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
|
|
|
|
|
+# This sshd was compiled with PATH=_OPENSSH_PATH_
|
|
|
|
|
|
|
|
|
|
# The strategy used for options in the default sshd_config shipped with
|
|
|
|
|
# OpenSSH is to specify options with their default value where
|
2018-09-06 10:21:51 +03:00
|
|
|
@@ -15,9 +15,9 @@
|
2017-07-28 14:28:10 +03:00
|
|
|
#ListenAddress 0.0.0.0
|
|
|
|
|
#ListenAddress ::
|
|
|
|
|
|
|
|
|
|
-#HostKey /etc/ssh/ssh_host_rsa_key
|
|
|
|
|
+HostKey /etc/ssh/ssh_host_rsa_key
|
|
|
|
|
-#HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
|
|
|
-#HostKey /etc/ssh/ssh_host_ed25519_key
|
|
|
|
|
+HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
|
|
|
+HostKey /etc/ssh/ssh_host_ed25519_key
|
|
|
|
|
|
|
|
|
|
# Ciphers and keying
|
|
|
|
|
#RekeyLimit default none
|
|
|
|
|
@@ -80,12 +80,20 @@
|
|
|
|
|
# If you just want the PAM account and session checks to run without
|
|
|
|
|
# PAM authentication, then enable this but set PasswordAuthentication
|
|
|
|
|
# and ChallengeResponseAuthentication to 'no'.
|
|
|
|
|
-#UsePAM no
|
|
|
|
|
+# Warning: when running under systemd, and PAM usage is disabled, restarting
|
|
|
|
|
+# SSH service will likely kill off any ssh connections, including the
|
|
|
|
|
+# current one
|
|
|
|
|
+UsePAM yes
|
|
|
|
|
+
|
|
|
|
|
+# Accept locale-related environment variables
|
|
|
|
|
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
|
|
|
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
|
|
|
+AcceptEnv LC_IDENTIFICATION LC_ALL
|
|
|
|
|
|
|
|
|
|
#AllowAgentForwarding yes
|
|
|
|
|
#AllowTcpForwarding yes
|
|
|
|
|
#GatewayPorts no
|
|
|
|
|
-#X11Forwarding no
|
|
|
|
|
+X11Forwarding yes
|
|
|
|
|
#X11DisplayOffset 10
|
|
|
|
|
#X11UseLocalhost yes
|
|
|
|
|
#PermitTTY yes
|
