openssh/openssh-7.4p1-config.patch

diff -Naur -x '*~' -x '*.rej' -x '*.orig' openssh-7.4p1/ssh_config openssh-7.4p1-config/ssh_config
--- openssh-7.4p1/ssh_config	2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1-config/ssh_config	2016-12-19 19:51:43.724530831 +0100
@@ -19,7 +19,7 @@
 
 # Host *
 #   ForwardAgent no
-#   ForwardX11 no
+ForwardX11 yes
 #   RhostsRSAAuthentication no
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
@@ -48,3 +48,13 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
+
+# If this option is set to yes then remote X11 clients will have full access
+# to the original X11 display. As virtually no X11 client supports the untrusted
+# mode correctly we set this to yes.
+ForwardX11Trusted yes
+
+# Send locale-related environment variables
+#SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+#SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+#SendEnv LC_IDENTIFICATION LC_ALL
diff -Naur -x '*~' -x '*.rej' -x '*.orig' openssh-7.4p1/sshd_config openssh-7.4p1-config/sshd_config
--- openssh-7.4p1/sshd_config	2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1-config/sshd_config	2016-12-19 19:52:31.555080421 +0100
@@ -3,7 +3,7 @@
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
 
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+# This sshd was compiled with PATH=_OPENSSH_PATH_
 
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
@@ -15,10 +15,10 @@
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
-#HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_dsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
 
 # Ciphers and keying
 #RekeyLimit default none
@@ -80,12 +80,20 @@
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
-#UsePAM no
+# Warning: when running under systemd, and PAM usage is disabled, restarting 
+# SSH service will likely kill off any ssh connections, including the
+# current one
+UsePAM yes
+
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL
 
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
-#X11Forwarding no
+X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes
Updated to 7.5p1 2017-07-28 14:28:10 +03:00			`diff -Naur -x '~' -x '.rej' -x '*.orig' openssh-7.4p1/ssh_config openssh-7.4p1-config/ssh_config`
			`--- openssh-7.4p1/ssh_config 2016-12-19 05:59:41.000000000 +0100`
			`+++ openssh-7.4p1-config/ssh_config 2016-12-19 19:51:43.724530831 +0100`
			`@@ -19,7 +19,7 @@`

			`# Host *`
			`# ForwardAgent no`
			`-# ForwardX11 no`
			`+ForwardX11 yes`
			`# RhostsRSAAuthentication no`
			`# RSAAuthentication yes`
			`# PasswordAuthentication yes`
			`@@ -48,3 +48,13 @@`
			`# VisualHostKey no`
			`# ProxyCommand ssh -q -W %h:%p gateway.example.com`
			`# RekeyLimit 1G 1h`
			`+`
			`+# If this option is set to yes then remote X11 clients will have full access`
			`+# to the original X11 display. As virtually no X11 client supports the untrusted`
			`+# mode correctly we set this to yes.`
			`+ForwardX11Trusted yes`
			`+`
			`+# Send locale-related environment variables`
			`+#SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES`
			`+#SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT`
			`+#SendEnv LC_IDENTIFICATION LC_ALL`
			`diff -Naur -x '~' -x '.rej' -x '*.orig' openssh-7.4p1/sshd_config openssh-7.4p1-config/sshd_config`
			`--- openssh-7.4p1/sshd_config 2016-12-19 05:59:41.000000000 +0100`
			`+++ openssh-7.4p1-config/sshd_config 2016-12-19 19:52:31.555080421 +0100`
			`@@ -3,7 +3,7 @@`
			`# This is the sshd server system-wide configuration file. See`
			`# sshd_config(5) for more information.`

			`-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin`
			`+# This sshd was compiled with PATH=_OPENSSH_PATH_`

			`# The strategy used for options in the default sshd_config shipped with`
			`# OpenSSH is to specify options with their default value where`
			`@@ -15,10 +15,10 @@`
			`#ListenAddress 0.0.0.0`
			`#ListenAddress ::`

			`-#HostKey /etc/ssh/ssh_host_rsa_key`
			`+HostKey /etc/ssh/ssh_host_rsa_key`
			`#HostKey /etc/ssh/ssh_host_dsa_key`
			`-#HostKey /etc/ssh/ssh_host_ecdsa_key`
			`-#HostKey /etc/ssh/ssh_host_ed25519_key`
			`+HostKey /etc/ssh/ssh_host_ecdsa_key`
			`+HostKey /etc/ssh/ssh_host_ed25519_key`

			`# Ciphers and keying`
			`#RekeyLimit default none`
			`@@ -80,12 +80,20 @@`
			`# If you just want the PAM account and session checks to run without`
			`# PAM authentication, then enable this but set PasswordAuthentication`
			`# and ChallengeResponseAuthentication to 'no'.`
			`-#UsePAM no`
			`+# Warning: when running under systemd, and PAM usage is disabled, restarting`
			`+# SSH service will likely kill off any ssh connections, including the`
			`+# current one`
			`+UsePAM yes`
			`+`
			`+# Accept locale-related environment variables`
			`+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES`
			`+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT`
			`+AcceptEnv LC_IDENTIFICATION LC_ALL`

			`#AllowAgentForwarding yes`
			`#AllowTcpForwarding yes`
			`#GatewayPorts no`
			`-#X11Forwarding no`
			`+X11Forwarding yes`
			`#X11DisplayOffset 10`
			`#X11UseLocalhost yes`
			`#PermitTTY yes`