diff -Naur -x '*.orig' -x '*.rej' -x '*~' openssh-6.1p1/ssh_config openssh-6.1p1-config/ssh_config --- openssh-6.1p1/ssh_config 2010-01-12 09:40:27.000000000 +0100 +++ openssh-6.1p1-config/ssh_config 2012-09-05 09:20:25.752522218 +0200 @@ -45,3 +45,17 @@ # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com + +Host * + ForwardX11 yes + Protocol 2,1 + + # If this option is set to yes then remote X11 clients will have full access + # to the original X11 display. As virtually no X11 client supports the untrusted + # mode correctly we set this to yes. + ForwardX11Trusted yes + + # Send locale-related environment variables + #SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES + #SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT + #SendEnv LC_IDENTIFICATION LC_ALL diff -Naur -x '*.orig' -x '*.rej' -x '*~' openssh-6.1p1/sshd_config openssh-6.1p1-config/sshd_config --- openssh-6.1p1/sshd_config 2012-07-31 04:21:34.000000000 +0200 +++ openssh-6.1p1-config/sshd_config 2012-09-05 09:25:28.015045983 +0200 @@ -3,7 +3,7 @@ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin +# This sshd was compiled with PATH=_OPENSSH_PATH_ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where @@ -19,10 +19,10 @@ #Protocol 2 # HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key +HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key # Lifetime and size of ephemeral version 1 server key @@ -37,7 +37,7 @@ # Authentication: #LoginGraceTime 2m -#PermitRootLogin yes +PermitRootLogin no #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 @@ -87,12 +87,20 @@ # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. -#UsePAM no +# Warning: when running under systemd, and PAM usage is disabled, restarting +# SSH service will likely kill off any ssh connections, including the +# current one +UsePAM yes + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no -#X11Forwarding no +X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes