mirror of
https://abf.rosa.ru/djam/openssh.git
synced 2025-02-24 02:02:57 +00:00
92 lines
3 KiB
Diff
92 lines
3 KiB
Diff
diff -ur openssh-9.5p1/ssh_config openssh-9.5p1_patched/ssh_config
|
|
--- openssh-9.5p1/ssh_config 2023-10-04 07:34:10.000000000 +0300
|
|
+++ openssh-9.5p1_patched/ssh_config 2023-11-06 13:49:12.197701005 +0300
|
|
@@ -19,7 +19,7 @@
|
|
|
|
# Host *
|
|
# ForwardAgent no
|
|
-# ForwardX11 no
|
|
+ForwardX11 yes
|
|
# PasswordAuthentication yes
|
|
# HostbasedAuthentication no
|
|
# GSSAPIAuthentication no
|
|
@@ -44,3 +44,16 @@
|
|
# ProxyCommand ssh -q -W %h:%p gateway.example.com
|
|
# RekeyLimit 1G 1h
|
|
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
|
|
+
|
|
+# If this option is set to yes then remote X11 clients will have full access
|
|
+# to the original X11 display. As virtually no X11 client supports the untrusted
|
|
+# mode correctly we set this to yes.
|
|
+ForwardX11Trusted yes
|
|
+
|
|
+Host *
|
|
+ GSSAPIAuthentication yes
|
|
+
|
|
+# Send locale-related environment variables
|
|
+#SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
+#SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
+#SendEnv LC_IDENTIFICATION LC_ALL
|
|
diff -ur openssh-9.5p1/sshd_config openssh-9.5p1_patched/sshd_config
|
|
--- openssh-9.5p1/sshd_config 2023-10-04 07:34:10.000000000 +0300
|
|
+++ openssh-9.5p1_patched/sshd_config 2023-11-06 13:51:07.128061341 +0300
|
|
@@ -3,7 +3,7 @@
|
|
# This is the sshd server system-wide configuration file. See
|
|
# sshd_config(5) for more information.
|
|
|
|
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
|
|
+# This sshd was compiled with PATH=_OPENSSH_PATH_
|
|
|
|
# The strategy used for options in the default sshd_config shipped with
|
|
# OpenSSH is to specify options with their default value where
|
|
@@ -15,9 +15,9 @@
|
|
#ListenAddress 0.0.0.0
|
|
#ListenAddress ::
|
|
|
|
-#HostKey /etc/ssh/ssh_host_rsa_key
|
|
-#HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
-#HostKey /etc/ssh/ssh_host_ed25519_key
|
|
+HostKey /etc/ssh/ssh_host_rsa_key
|
|
+HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
+HostKey /etc/ssh/ssh_host_ed25519_key
|
|
|
|
# Ciphers and keying
|
|
#RekeyLimit default none
|
|
@@ -29,6 +29,7 @@
|
|
# Authentication:
|
|
|
|
#LoginGraceTime 2m
|
|
+# [ROSA] Edit /etc/ssh/denyusers and remove 'root' to enable PermitRootLogin
|
|
#PermitRootLogin prohibit-password
|
|
#StrictModes yes
|
|
#MaxAuthTries 6
|
|
@@ -79,12 +80,20 @@
|
|
# If you just want the PAM account and session checks to run without
|
|
# PAM authentication, then enable this but set PasswordAuthentication
|
|
# and KbdInteractiveAuthentication to 'no'.
|
|
-#UsePAM no
|
|
+# Warning: when running under systemd, and PAM usage is disabled, restarting
|
|
+# SSH service will likely kill off any ssh connections, including the
|
|
+# current one
|
|
+UsePAM yes
|
|
+
|
|
+# Accept locale-related environment variables
|
|
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
+AcceptEnv LC_IDENTIFICATION LC_ALL
|
|
|
|
#AllowAgentForwarding yes
|
|
#AllowTcpForwarding yes
|
|
#GatewayPorts no
|
|
-#X11Forwarding no
|
|
+X11Forwarding yes
|
|
#X11DisplayOffset 10
|
|
#X11UseLocalhost yes
|
|
#PermitTTY yes
|
|
@@ -114,3 +123,6 @@
|
|
# AllowTcpForwarding no
|
|
# PermitTTY no
|
|
# ForceCommand cvs server
|
|
+
|
|
+# Include additional files if there are any
|
|
+Include /etc/ssh/sshd_config.d/*
|