openssh/openssh-5.9p1-redhat.patch

diff -up openssh-5.9p0/ssh_config.redhat openssh-5.9p0/ssh_config
--- openssh-5.9p0/ssh_config.redhat	2010-01-12 09:40:27.000000000 +0100
+++ openssh-5.9p0/ssh_config	2011-09-05 14:48:16.386439023 +0200
@@ -45,3 +45,14 @@
 #   PermitLocalCommand no
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
+Host *
+	GSSAPIAuthentication yes
+# If this option is set to yes then remote X11 clients will have full access
+# to the original X11 display. As virtually no X11 client supports the untrusted
+# mode correctly we set this to yes.
+	ForwardX11Trusted yes
+# Send locale-related environment variables
+	SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
+	SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
+	SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+	SendEnv XMODIFIERS
diff -up openssh-5.9p0/sshd_config.0.redhat openssh-5.9p0/sshd_config.0
--- openssh-5.9p0/sshd_config.0.redhat	2011-09-05 14:48:08.522441255 +0200
+++ openssh-5.9p0/sshd_config.0	2011-09-05 14:48:16.477443868 +0200
@@ -581,9 +581,9 @@ DESCRIPTION
 
      SyslogFacility
              Gives the facility code that is used when logging messages from
-             sshd(8).  The possible values are: DAEMON, USER, AUTH, LOCAL0,
-             LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The
-             default is AUTH.
+             sshd(8).  The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
+             LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+             The default is AUTH.
 
      TCPKeepAlive
              Specifies whether the system should send TCP keepalive messages
diff -up openssh-5.9p0/sshd_config.5.redhat openssh-5.9p0/sshd_config.5
--- openssh-5.9p0/sshd_config.5.redhat	2011-09-05 14:48:08.657564688 +0200
+++ openssh-5.9p0/sshd_config.5	2011-09-05 14:48:16.589501736 +0200
@@ -1029,7 +1029,7 @@ Note that this option applies to protoco
 .It Cm SyslogFacility
 Gives the facility code that is used when logging messages from
 .Xr sshd 8 .
-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
+The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
 The default is AUTH.
 .It Cm TCPKeepAlive
diff -up openssh-5.9p0/sshd_config.redhat openssh-5.9p0/sshd_config
--- openssh-5.9p0/sshd_config.redhat	2011-09-05 14:48:16.250626793 +0200
+++ openssh-5.9p0/sshd_config	2011-09-05 15:06:01.513443553 +0200
@@ -32,6 +32,7 @@
 # Logging
 # obsoletes QuietMode and FascistLogging
 #SyslogFacility AUTH
+SyslogFacility AUTHPRIV
 #LogLevel INFO
 
 # Authentication:
@@ -65,9 +66,11 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
+PasswordAuthentication yes
 
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
 
 # Kerberos options
 #KerberosAuthentication no
@@ -77,7 +80,9 @@ AuthorizedKeysFile	.ssh/authorized_keys
 
 # GSSAPI options
 #GSSAPIAuthentication no
+GSSAPIAuthentication yes
 #GSSAPICleanupCredentials yes
+GSSAPICleanupCredentials yes
 
 # Set this to 'yes' to enable PAM authentication, account processing, 
 # and session processing. If this is enabled, PAM authentication will 
@@ -89,6 +94,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 #UsePAM no
+UsePAM yes
 
 #TwoFactorAuthentication no
 #SecondPubkeyAuthentication yes
@@ -101,6 +107,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #AllowTcpForwarding yes
 #GatewayPorts no
 #X11Forwarding no
+X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PrintMotd yes
@@ -121,6 +128,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # no default banner path
 #Banner none
 
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+
 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
ignore SIGPIPE in ssh keyscan 2011-09-07 13:12:54 +00:00			`diff -up openssh-5.9p0/ssh_config.redhat openssh-5.9p0/ssh_config`
			`--- openssh-5.9p0/ssh_config.redhat 2010-01-12 09:40:27.000000000 +0100`
			`+++ openssh-5.9p0/ssh_config 2011-09-05 14:48:16.386439023 +0200`
			`@@ -45,3 +45,14 @@`
			`# PermitLocalCommand no`
			`# VisualHostKey no`
			`# ProxyCommand ssh -q -W %h:%p gateway.example.com`
			`+Host *`
			`+ GSSAPIAuthentication yes`
			`+# If this option is set to yes then remote X11 clients will have full access`
			`+# to the original X11 display. As virtually no X11 client supports the untrusted`
			`+# mode correctly we set this to yes.`
			`+ ForwardX11Trusted yes`
			`+# Send locale-related environment variables`
			`+ SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES`
			`+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT`
			`+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE`
			`+ SendEnv XMODIFIERS`
			`diff -up openssh-5.9p0/sshd_config.0.redhat openssh-5.9p0/sshd_config.0`
			`--- openssh-5.9p0/sshd_config.0.redhat 2011-09-05 14:48:08.522441255 +0200`
			`+++ openssh-5.9p0/sshd_config.0 2011-09-05 14:48:16.477443868 +0200`
			`@@ -581,9 +581,9 @@ DESCRIPTION`

			`SyslogFacility`
			`Gives the facility code that is used when logging messages from`
			`- sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,`
			`- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The`
			`- default is AUTH.`
			`+ sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV,`
			`+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.`
			`+ The default is AUTH.`

			`TCPKeepAlive`
			`Specifies whether the system should send TCP keepalive messages`
			`diff -up openssh-5.9p0/sshd_config.5.redhat openssh-5.9p0/sshd_config.5`
			`--- openssh-5.9p0/sshd_config.5.redhat 2011-09-05 14:48:08.657564688 +0200`
			`+++ openssh-5.9p0/sshd_config.5 2011-09-05 14:48:16.589501736 +0200`
			`@@ -1029,7 +1029,7 @@ Note that this option applies to protoco`
			`.It Cm SyslogFacility`
			`Gives the facility code that is used when logging messages from`
			`.Xr sshd 8 .`
			`-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,`
			`+The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,`
			`LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.`
			`The default is AUTH.`
			`.It Cm TCPKeepAlive`
			`diff -up openssh-5.9p0/sshd_config.redhat openssh-5.9p0/sshd_config`
			`--- openssh-5.9p0/sshd_config.redhat 2011-09-05 14:48:16.250626793 +0200`
			`+++ openssh-5.9p0/sshd_config 2011-09-05 15:06:01.513443553 +0200`
			`@@ -32,6 +32,7 @@`
			`# Logging`
			`# obsoletes QuietMode and FascistLogging`
			`#SyslogFacility AUTH`
			`+SyslogFacility AUTHPRIV`
			`#LogLevel INFO`

			`# Authentication:`
			`@@ -65,9 +66,11 @@ AuthorizedKeysFile .ssh/authorized_keys`
			`# To disable tunneled clear text passwords, change to no here!`
			`#PasswordAuthentication yes`
			`#PermitEmptyPasswords no`
			`+PasswordAuthentication yes`

			`# Change to no to disable s/key passwords`
			`#ChallengeResponseAuthentication yes`
			`+ChallengeResponseAuthentication no`

			`# Kerberos options`
			`#KerberosAuthentication no`
			`@@ -77,7 +80,9 @@ AuthorizedKeysFile .ssh/authorized_keys`

			`# GSSAPI options`
			`#GSSAPIAuthentication no`
			`+GSSAPIAuthentication yes`
			`#GSSAPICleanupCredentials yes`
			`+GSSAPICleanupCredentials yes`

			`# Set this to 'yes' to enable PAM authentication, account processing,`
			`# and session processing. If this is enabled, PAM authentication will`
			`@@ -89,6 +94,7 @@ AuthorizedKeysFile .ssh/authorized_keys`
			`# PAM authentication, then enable this but set PasswordAuthentication`
			`# and ChallengeResponseAuthentication to 'no'.`
			`#UsePAM no`
			`+UsePAM yes`

			`#TwoFactorAuthentication no`
			`#SecondPubkeyAuthentication yes`
			`@@ -101,6 +107,7 @@ AuthorizedKeysFile .ssh/authorized_keys`
			`#AllowTcpForwarding yes`
			`#GatewayPorts no`
			`#X11Forwarding no`
			`+X11Forwarding yes`
			`#X11DisplayOffset 10`
			`#X11UseLocalhost yes`
			`#PrintMotd yes`
			`@@ -121,6 +128,12 @@ AuthorizedKeysFile .ssh/authorized_keys`
			`# no default banner path`
			`#Banner none`

			`+# Accept locale-related environment variables`
			`+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES`
			`+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT`
			`+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE`
			`+AcceptEnv XMODIFIERS`
			`+`
			`# override default of no subsystems`
			`Subsystem sftp /usr/libexec/sftp-server`