diff -Naur -x '*.rej' -x '*.orig' -x '*~' openssh-6.5p1/ssh_config openssh-6.5p1-config/ssh_config --- openssh-6.5p1/ssh_config 2013-10-10 01:24:12.000000000 +0200 +++ openssh-6.5p1-config/ssh_config 2014-02-04 21:04:18.685518659 +0100 @@ -19,7 +19,7 @@ # Host * # ForwardAgent no -# ForwardX11 no +ForwardX11 yes # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes @@ -46,3 +46,13 @@ # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h + +# If this option is set to yes then remote X11 clients will have full access +# to the original X11 display. As virtually no X11 client supports the untrusted +# mode correctly we set this to yes. +ForwardX11Trusted yes + +# Send locale-related environment variables +#SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +#SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +#SendEnv LC_IDENTIFICATION LC_ALL diff -Naur -x '*.rej' -x '*.orig' -x '*~' openssh-6.5p1/sshd_config openssh-6.5p1-config/sshd_config --- openssh-6.5p1/sshd_config 2014-01-12 09:20:47.000000000 +0100 +++ openssh-6.5p1-config/sshd_config 2014-02-04 20:59:32.985585770 +0100 @@ -3,7 +3,7 @@ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin +# This sshd was compiled with PATH=_OPENSSH_PATH_ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where @@ -19,10 +19,10 @@ #Protocol 2 # HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key +HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key @@ -41,7 +41,7 @@ # Authentication: #LoginGraceTime 2m -#PermitRootLogin yes +PermitRootLogin no #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 @@ -94,12 +94,20 @@ # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. -#UsePAM no +# Warning: when running under systemd, and PAM usage is disabled, restarting +# SSH service will likely kill off any ssh connections, including the +# current one +UsePAM yes + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no -#X11Forwarding no +X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes