SHA256
1
0
forked from pool/openssh
openssh/openssh-5.9p1-sshd_config.diff

52 lines
1.6 KiB
Diff
Raw Normal View History

Index: ssh_config
===================================================================
--- ssh_config.orig
+++ ssh_config
@@ -17,9 +17,20 @@
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
-# Host *
+Host *
# ForwardAgent no
# ForwardX11 no
+
+# If you do not trust your remote host (or its administrator), you
+# should not forward X11 connections to your local X11-display for
+# security reasons: Someone stealing the authentification data on the
+# remote side (the "spoofed" X-server by the remote sshd) can read your
+# keystrokes as you type, just like any other X11 client could do.
+# Set this to "no" here for global effect or in your own ~/.ssh/config
+# file if you want to have the remote X11 authentification data to
+# expire after two minutes after remote login.
+ForwardX11Trusted yes
+
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
Index: sshd_config
===================================================================
--- sshd_config.orig
+++ sshd_config
@@ -87,7 +87,7 @@
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
-#X11Forwarding no
+X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
Index: sshlogin.c
===================================================================
--- sshlogin.c.orig
+++ sshlogin.c
@@ -133,6 +133,7 @@ record_login(pid_t pid, const char *tty,
li = login_alloc_entry(pid, user, host, tty);
login_set_addr(li, addr, addrlen);
+ li->uid=uid;
login_login(li);
login_free_entry(li);
}