author | Tomas Kuthan <tomas.kuthan@oracle.com> |
Mon, 06 Feb 2017 22:51:03 -0800 | |
changeset 7649 | 69d7508f0d66 |
parent 5819 | c5f05bd2a9bc |
permissions | -rw-r--r-- |
2072
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
1 |
# |
2206
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
2 |
# Some options in OpenSSH have different default values from those in SunSSH. |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
3 |
# To make the transition smoother from SunSSH to OpenSSH, we change default |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
4 |
# values for the following options to be as same as those in SunSSH. |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
5 |
# |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
6 |
# GSSAPIAuthentication (for both server and client) |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
7 |
# X11Forwarding (for server) |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
8 |
# ForwardX11Trusted (for client) |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
9 |
# |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
10 |
# This is for Solaris only, we will not contribute back these changes to the |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
11 |
# upstream. |
2072
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
12 |
# |
5819
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
13 |
diff -pur old/readconf.c new/readconf.c |
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
14 |
--- old/readconf.c |
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
15 |
+++ new/readconf.c |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
16 |
@@ -1936,7 +1936,11 @@ fill_default_options(Options * options) |
2206
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
17 |
if (options->forward_x11 == -1) |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
18 |
options->forward_x11 = 0; |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
19 |
if (options->forward_x11_trusted == -1) |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
20 |
+#ifdef OPTION_DEFAULT_VALUE |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
21 |
+ options->forward_x11_trusted = 1; |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
22 |
+#else |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
23 |
options->forward_x11_trusted = 0; |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
24 |
+#endif |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
25 |
if (options->forward_x11_timeout == -1) |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
26 |
options->forward_x11_timeout = 1200; |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
27 |
/* |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
28 |
@@ -1969,7 +1973,11 @@ fill_default_options(Options * options) |
2072
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
29 |
if (options->challenge_response_authentication == -1) |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
30 |
options->challenge_response_authentication = 1; |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
31 |
if (options->gss_authentication == -1) |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
32 |
+#ifdef OPTION_DEFAULT_VALUE |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
33 |
+ options->gss_authentication = 1; |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
34 |
+#else |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
35 |
options->gss_authentication = 0; |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
36 |
+#endif |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
37 |
if (options->gss_deleg_creds == -1) |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
38 |
options->gss_deleg_creds = 0; |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
39 |
if (options->password_authentication == -1) |
5819
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
40 |
diff -pur old/servconf.c new/servconf.c |
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
41 |
--- old/servconf.c |
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
42 |
+++ new/servconf.c |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
43 |
@@ -249,7 +249,11 @@ fill_default_server_options(ServerOption |
2206
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
44 |
if (options->print_lastlog == -1) |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
45 |
options->print_lastlog = 1; |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
46 |
if (options->x11_forwarding == -1) |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
47 |
+#ifdef OPTION_DEFAULT_VALUE |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
48 |
+ options->x11_forwarding = 1; |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
49 |
+#else |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
50 |
options->x11_forwarding = 0; |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
51 |
+#endif |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
52 |
if (options->x11_display_offset == -1) |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
53 |
options->x11_display_offset = 10; |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
54 |
if (options->x11_use_localhost == -1) |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
55 |
@@ -283,7 +287,11 @@ fill_default_server_options(ServerOption |
2072
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
56 |
if (options->kerberos_get_afs_token == -1) |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
57 |
options->kerberos_get_afs_token = 0; |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
58 |
if (options->gss_authentication == -1) |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
59 |
+#ifdef OPTION_DEFAULT_VALUE |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
60 |
+ options->gss_authentication = 1; |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
61 |
+#else |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
62 |
options->gss_authentication = 0; |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
63 |
+#endif |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
64 |
if (options->gss_cleanup_creds == -1) |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
65 |
options->gss_cleanup_creds = 1; |
5819
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
66 |
if (options->gss_strict_acceptor == -1) |
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
67 |
diff -pur old/ssh_config.5 new/ssh_config.5 |
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
68 |
--- old/ssh_config.5 |
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
69 |
+++ new/ssh_config.5 |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
70 |
@@ -714,12 +714,11 @@ The default is to disable untrusted X11 |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
71 |
elapsed. |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
72 |
.It Cm ForwardX11Trusted |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
73 |
If this option is set to |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
74 |
-.Cm yes , |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
75 |
+.Cm yes (the default on Solaris), |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
76 |
remote X11 clients will have full access to the original X11 display. |
2206
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
77 |
.Pp |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
78 |
If this option is set to |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
79 |
-.Cm no |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
80 |
-(the default), |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
81 |
+.Cm no, |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
82 |
remote X11 clients will be considered untrusted and prevented |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
83 |
from stealing or tampering with data belonging to trusted X11 |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
84 |
clients. |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
85 |
@@ -754,8 +753,8 @@ The default is |
2072
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
86 |
.Pa /etc/ssh/ssh_known_hosts2 . |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
87 |
.It Cm GSSAPIAuthentication |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
88 |
Specifies whether user authentication based on GSSAPI is allowed. |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
89 |
-The default is |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
90 |
-.Cm no . |
2072
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
91 |
+The default on Solaris is |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
92 |
+.Cm yes . |
2072
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
93 |
.It Cm GSSAPIDelegateCredentials |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
94 |
Forward (delegate) credentials to the server. |
5819
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
95 |
The default is |
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
96 |
diff -pur old/sshd_config.5 new/sshd_config.5 |
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
97 |
--- old/sshd_config.5 |
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
98 |
+++ new/sshd_config.5 |
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
99 |
@@ -621,8 +621,8 @@ The default is |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
100 |
.Cm no . |
2072
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
101 |
.It Cm GSSAPIAuthentication |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
102 |
Specifies whether user authentication based on GSSAPI is allowed. |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
103 |
-The default is |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
104 |
-.Cm no . |
2072
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
105 |
+The default on Solaris is |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
106 |
+.Cm yes . |
2072
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
107 |
.It Cm GSSAPICleanupCredentials |
a9add2444420
19570656 GSSAPIAuthentication option should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
108 |
Specifies whether to automatically destroy the user's credentials cache |
5819
c5f05bd2a9bc
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
2206
diff
changeset
|
109 |
on logout. |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
110 |
@@ -1527,8 +1527,8 @@ The argument must be |
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
111 |
.Cm yes |
2206
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
112 |
or |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
113 |
.Cm no . |
2206
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
114 |
-The default is |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
115 |
-.Cm no . |
2206
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
116 |
+The default on Solaris is |
7649
69d7508f0d66
PSARC/2017/022 OpenSSH 7.4
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
5819
diff
changeset
|
117 |
+.Cm yes . |
2206
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
118 |
.Pp |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
119 |
When X11 forwarding is enabled, there may be additional exposure to |
e71c20dca64b
19591379 X11Forwarding and ForwardX11Trusted should default to yes
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
2072
diff
changeset
|
120 |
the server and to client displays if the |