openssh/openssh-5.9p1-redhat.patch

diff -up openssh-5.9p1/ssh_config.redhat openssh-5.9p1/ssh_config
--- openssh-5.9p1/ssh_config.redhat	2010-01-12 09:40:27.000000000 +0100
+++ openssh-5.9p1/ssh_config	2012-02-06 17:32:43.428032471 +0100
@@ -45,3 +45,14 @@
 #   PermitLocalCommand no
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
+Host *
+	GSSAPIAuthentication yes
+# If this option is set to yes then remote X11 clients will have full access
+# to the original X11 display. As virtually no X11 client supports the untrusted
+# mode correctly we set this to yes.
+	ForwardX11Trusted yes
+# Send locale-related environment variables
+	SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
+	SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
+	SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+	SendEnv XMODIFIERS
diff -up openssh-5.9p1/sshd_config.redhat openssh-5.9p1/sshd_config
--- openssh-5.9p1/sshd_config.redhat	2012-02-06 17:32:43.427032448 +0100
+++ openssh-5.9p1/sshd_config	2012-02-06 17:35:15.356783832 +0100
@@ -32,6 +32,7 @@
 # Logging
 # obsoletes QuietMode and FascistLogging
 #SyslogFacility AUTH
+SyslogFacility AUTHPRIV
 #LogLevel INFO
 
 # Authentication:
@@ -65,9 +66,11 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
+PasswordAuthentication yes
 
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
 
 # Kerberos options
 #KerberosAuthentication no
@@ -77,7 +80,9 @@ AuthorizedKeysFile	.ssh/authorized_keys
 
 # GSSAPI options
 #GSSAPIAuthentication no
+GSSAPIAuthentication yes
 #GSSAPICleanupCredentials yes
+GSSAPICleanupCredentials yes
 
 # Set this to 'yes' to enable PAM authentication, account processing, 
 # and session processing. If this is enabled, PAM authentication will 
@@ -89,11 +94,13 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 #UsePAM no
+UsePAM yes
 
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
 #X11Forwarding no
+X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PrintMotd yes
@@ -114,6 +121,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # no default banner path
 #Banner none
 
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+
 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
 
diff -up openssh-5.9p1/sshd_config.0.redhat openssh-5.9p1/sshd_config.0
--- openssh-5.9p1/sshd_config.0.redhat	2012-02-06 17:32:43.302970171 +0100
+++ openssh-5.9p1/sshd_config.0	2012-02-06 17:32:43.428032471 +0100
@@ -581,9 +581,9 @@ DESCRIPTION
 
      SyslogFacility
              Gives the facility code that is used when logging messages from
-             sshd(8).  The possible values are: DAEMON, USER, AUTH, LOCAL0,
-             LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The
-             default is AUTH.
+             sshd(8).  The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
+             LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+             The default is AUTH.
 
      TCPKeepAlive
              Specifies whether the system should send TCP keepalive messages
diff -up openssh-5.9p1/sshd_config.5.redhat openssh-5.9p1/sshd_config.5
--- openssh-5.9p1/sshd_config.5.redhat	2012-02-06 17:32:43.303971959 +0100
+++ openssh-5.9p1/sshd_config.5	2012-02-06 17:32:43.429032398 +0100
@@ -1019,7 +1019,7 @@ Note that this option applies to protoco
 .It Cm SyslogFacility
 Gives the facility code that is used when logging messages from
 .Xr sshd 8 .
-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
+The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
 The default is AUTH.
 .It Cm TCPKeepAlive
replace TwoFactorAuth with RequiredAuthentications[12] https://bugzilla.mindrot.org/show_bug.cgi?id=983 2012-02-06 21:15:10 +00:00			`diff -up openssh-5.9p1/ssh_config.redhat openssh-5.9p1/ssh_config`
			`--- openssh-5.9p1/ssh_config.redhat 2010-01-12 09:40:27.000000000 +0100`
			`+++ openssh-5.9p1/ssh_config 2012-02-06 17:32:43.428032471 +0100`
ignore SIGPIPE in ssh keyscan 2011-09-07 13:12:54 +00:00			`@@ -45,3 +45,14 @@`
			`# PermitLocalCommand no`
			`# VisualHostKey no`
			`# ProxyCommand ssh -q -W %h:%p gateway.example.com`
			`+Host *`
			`+ GSSAPIAuthentication yes`
			`+# If this option is set to yes then remote X11 clients will have full access`
			`+# to the original X11 display. As virtually no X11 client supports the untrusted`
			`+# mode correctly we set this to yes.`
			`+ ForwardX11Trusted yes`
			`+# Send locale-related environment variables`
			`+ SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES`
			`+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT`
			`+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE`
			`+ SendEnv XMODIFIERS`
replace TwoFactorAuth with RequiredAuthentications[12] https://bugzilla.mindrot.org/show_bug.cgi?id=983 2012-02-06 21:15:10 +00:00			`diff -up openssh-5.9p1/sshd_config.redhat openssh-5.9p1/sshd_config`
			`--- openssh-5.9p1/sshd_config.redhat 2012-02-06 17:32:43.427032448 +0100`
			`+++ openssh-5.9p1/sshd_config 2012-02-06 17:35:15.356783832 +0100`
ignore SIGPIPE in ssh keyscan 2011-09-07 13:12:54 +00:00			`@@ -32,6 +32,7 @@`
			`# Logging`
			`# obsoletes QuietMode and FascistLogging`
			`#SyslogFacility AUTH`
			`+SyslogFacility AUTHPRIV`
			`#LogLevel INFO`

			`# Authentication:`
			`@@ -65,9 +66,11 @@ AuthorizedKeysFile .ssh/authorized_keys`
			`# To disable tunneled clear text passwords, change to no here!`
			`#PasswordAuthentication yes`
			`#PermitEmptyPasswords no`
			`+PasswordAuthentication yes`

			`# Change to no to disable s/key passwords`
			`#ChallengeResponseAuthentication yes`
			`+ChallengeResponseAuthentication no`

			`# Kerberos options`
			`#KerberosAuthentication no`
			`@@ -77,7 +80,9 @@ AuthorizedKeysFile .ssh/authorized_keys`

			`# GSSAPI options`
			`#GSSAPIAuthentication no`
			`+GSSAPIAuthentication yes`
			`#GSSAPICleanupCredentials yes`
			`+GSSAPICleanupCredentials yes`

			`# Set this to 'yes' to enable PAM authentication, account processing,`
			`# and session processing. If this is enabled, PAM authentication will`
replace TwoFactorAuth with RequiredAuthentications[12] https://bugzilla.mindrot.org/show_bug.cgi?id=983 2012-02-06 21:15:10 +00:00			`@@ -89,11 +94,13 @@ AuthorizedKeysFile .ssh/authorized_keys`
ignore SIGPIPE in ssh keyscan 2011-09-07 13:12:54 +00:00			`# PAM authentication, then enable this but set PasswordAuthentication`
			`# and ChallengeResponseAuthentication to 'no'.`
			`#UsePAM no`
			`+UsePAM yes`

replace TwoFactorAuth with RequiredAuthentications[12] https://bugzilla.mindrot.org/show_bug.cgi?id=983 2012-02-06 21:15:10 +00:00			`#AllowAgentForwarding yes`
ignore SIGPIPE in ssh keyscan 2011-09-07 13:12:54 +00:00			`#AllowTcpForwarding yes`
			`#GatewayPorts no`
			`#X11Forwarding no`
			`+X11Forwarding yes`
			`#X11DisplayOffset 10`
			`#X11UseLocalhost yes`
			`#PrintMotd yes`
replace TwoFactorAuth with RequiredAuthentications[12] https://bugzilla.mindrot.org/show_bug.cgi?id=983 2012-02-06 21:15:10 +00:00			`@@ -114,6 +121,12 @@ AuthorizedKeysFile .ssh/authorized_keys`
ignore SIGPIPE in ssh keyscan 2011-09-07 13:12:54 +00:00			`# no default banner path`
			`#Banner none`

			`+# Accept locale-related environment variables`
			`+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES`
			`+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT`
			`+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE`
			`+AcceptEnv XMODIFIERS`
			`+`
			`# override default of no subsystems`
			`Subsystem sftp /usr/libexec/sftp-server`

replace TwoFactorAuth with RequiredAuthentications[12] https://bugzilla.mindrot.org/show_bug.cgi?id=983 2012-02-06 21:15:10 +00:00			`diff -up openssh-5.9p1/sshd_config.0.redhat openssh-5.9p1/sshd_config.0`
			`--- openssh-5.9p1/sshd_config.0.redhat 2012-02-06 17:32:43.302970171 +0100`
			`+++ openssh-5.9p1/sshd_config.0 2012-02-06 17:32:43.428032471 +0100`
			`@@ -581,9 +581,9 @@ DESCRIPTION`

			`SyslogFacility`
			`Gives the facility code that is used when logging messages from`
			`- sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,`
			`- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The`
			`- default is AUTH.`
			`+ sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV,`
			`+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.`
			`+ The default is AUTH.`

			`TCPKeepAlive`
			`Specifies whether the system should send TCP keepalive messages`
			`diff -up openssh-5.9p1/sshd_config.5.redhat openssh-5.9p1/sshd_config.5`
			`--- openssh-5.9p1/sshd_config.5.redhat 2012-02-06 17:32:43.303971959 +0100`
			`+++ openssh-5.9p1/sshd_config.5 2012-02-06 17:32:43.429032398 +0100`
			`@@ -1019,7 +1019,7 @@ Note that this option applies to protoco`
			`.It Cm SyslogFacility`
			`Gives the facility code that is used when logging messages from`
			`.Xr sshd 8 .`
			`-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,`
			`+The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,`
			`LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.`
			`The default is AUTH.`
			`.It Cm TCPKeepAlive`