diff -Naur -x '*~' -x '*.rej' -x '*.orig' openssh-7.4p1/ssh_config openssh-7.4p1-config/ssh_config --- openssh-7.4p1/ssh_config 2016-12-19 05:59:41.000000000 +0100 +++ openssh-7.4p1-config/ssh_config 2016-12-19 19:51:43.724530831 +0100 @@ -19,7 +19,7 @@ # Host * # ForwardAgent no -# ForwardX11 no +ForwardX11 yes # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes @@ -48,3 +48,13 @@ # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h + +# If this option is set to yes then remote X11 clients will have full access +# to the original X11 display. As virtually no X11 client supports the untrusted +# mode correctly we set this to yes. +ForwardX11Trusted yes + +# Send locale-related environment variables +#SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +#SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +#SendEnv LC_IDENTIFICATION LC_ALL diff -Naur -x '*~' -x '*.rej' -x '*.orig' openssh-7.4p1/sshd_config openssh-7.4p1-config/sshd_config --- openssh-7.4p1/sshd_config 2016-12-19 05:59:41.000000000 +0100 +++ openssh-7.4p1-config/sshd_config 2016-12-19 19:52:31.555080421 +0100 @@ -3,7 +3,7 @@ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin +# This sshd was compiled with PATH=_OPENSSH_PATH_ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where @@ -15,10 +15,10 @@ #ListenAddress 0.0.0.0 #ListenAddress :: -#HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none @@ -80,12 +80,20 @@ # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. -#UsePAM no +# Warning: when running under systemd, and PAM usage is disabled, restarting +# SSH service will likely kill off any ssh connections, including the +# current one +UsePAM yes + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no -#X11Forwarding no +X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes