SOURCES: openssh-config.patch (NEW), openssh.conf (REMOVED), opens...

Sat Oct 13 02:13:45 CEST 2007

Author: baggins                      Date: Sat Oct 13 00:13:45 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- switch from providing our own (severly outdated) configs to patching
  default configs with our defaults

---- Files affected:
SOURCES:
   openssh-config.patch (NONE -> 1.1)  (NEW), openssh.conf (1.6 -> NONE)  (REMOVED), opensshd.conf (1.20 -> NONE)  (REMOVED)

---- Diffs:

================================================================
Index: SOURCES/openssh-config.patch
diff -u /dev/null SOURCES/openssh-config.patch:1.1

--- /dev/null	Sat Oct 13 02:13:45 2007
+++ SOURCES/openssh-config.patch	Sat Oct 13 02:13:40 2007
@@ -0,0 +1,106 @@
+--- openssh-4.6p1/sshd_config~	2007-10-13 01:37:17.000000000 +0200
++++ openssh-4.6p1/sshd_config	2007-10-13 01:47:12.000000000 +0200
+@@ -11,6 +11,7 @@
+ # default value.
+ 
+ #Port 22
++Protocol 2
+ #Protocol 2,1
+ #AddressFamily any
+ #ListenAddress 0.0.0.0
+@@ -34,6 +35,7 @@
+ 
+ #LoginGraceTime 2m
+ #PermitRootLogin yes
++PermitRootLogin no
+ #StrictModes yes
+ #MaxAuthTries 6
+ 
+@@ -50,10 +51,13 @@
+ #IgnoreUserKnownHosts no
+ # Don't read the user's ~/.rhosts and ~/.shosts files
+ #IgnoreRhosts yes
++IgnoreRhosts yes
+ 
+ # To disable tunneled clear text passwords, change to no here!
+ #PasswordAuthentication yes
+ #PermitEmptyPasswords no
++PasswordAuthentication yes
++PermitEmptyPasswords no
+ 
+ # Change to no to disable s/key passwords
+ #ChallengeResponseAuthentication yes
+@@ -66,6 +67,8 @@
+ # GSSAPI options
+ #GSSAPIAuthentication no
+ #GSSAPICleanupCredentials yes
++GSSAPIAuthentication yes
++GSSAPICleanupCredentials yes
+ 
+ # Set this to 'yes' to enable PAM authentication, account processing, 
+ # and session processing. If this is enabled, PAM authentication will 
+@@ -78,8 +79,16 @@
+ # PAM authentication, then enable this but set PasswordAuthentication
+ # and ChallengeResponseAuthentication to 'no'.
+ #UsePAM no
++UsePAM yes
++
++# Set this to 'yes' to enable support for chrooted user environment.
++# You must create such environment before you can use this feature. 
++#UseChroot yes
+ 
+ #AllowTcpForwarding yes
++# Security advisory:
++# http://securitytracker.com/alerts/2004/Sep/1011143.html
++AllowTcpForwarding no
+ #GatewayPorts no
+ #X11Forwarding no
+ #X11DisplayOffset 10
+@@ -106,6 +109,9 @@
+ # no default banner path
+ #Banner /some/path
+ 
++# Accept locale-related environment variables
++AcceptEnv LANG LC_* 
++
+ # override default of no subsystems
+ Subsystem	sftp	/usr/libexec/sftp-server
+ 
+--- openssh-4.6p1/ssh_config~	2006-06-13 05:01:10.000000000 +0200
++++ openssh-4.6p1/ssh_config	2007-10-13 02:00:16.000000000 +0200
+@@ -20,12 +20,15 @@
+ # Host *
+ #   ForwardAgent no
+ #   ForwardX11 no
++#   ForwardX11Trusted yes
+ #   RhostsRSAAuthentication no
+ #   RSAAuthentication yes
+ #   PasswordAuthentication yes
+ #   HostbasedAuthentication no
+ #   GSSAPIAuthentication no
+ #   GSSAPIDelegateCredentials no
++#   GSSAPIKeyExchange no
++#   GSSAPITrustDNS no
+ #   BatchMode no
+ #   CheckHostIP yes
+ #   AddressFamily any
+@@ -42,3 +45,19 @@
+ #   Tunnel no
+ #   TunnelDevice any:any
+ #   PermitLocalCommand no
++
++Host *
++	GSSAPIAuthentication yes
++	GSSAPIDelegateCredentials no
++	ForwardAgent no
++	ForwardX11 no
++# If this option is set to yes then remote X11 clients will have full access
++# to the original X11 display. As virtually no X11 client supports the untrusted
++# mode correctly we set this to yes.
++	ForwardX11Trusted yes
++	StrictHostKeyChecking no
++	ServerAliveInterval 60
++	ServerAliveCountMax 10
++	TCPKeepAlive no
++# Send locale-related environment variables
++	SendEnv LANG LC_*
================================================================
