Hi!

* Christoph Anton Mitterer <cales...@scientia.net> [2014-10-16 20:47:00 CEST]:
> Apparently Debian deviates in a few of OpenSSH's hardcoded default
> settings, namely:
> - ForwardX11Trusted being set to yes
> - ServerAliveInterval being set to 300, when BatchMode is set to yes.
>
> Even though I've read that before it wasn't clear to me, that you just
> changed the values in the default config files but really the hard coded
> ones in the binary.
>
> Especially for ForwardX11Trusted this seems a security issue to me, since
> you change to the insecure mode.
> Even if there was any good reason for this (why btw?)...

This is documented and explained in the documentation in
/usr/share/doc/openssh-client/README.Debian.gz and also referenced from
the changelog.Debian.gz file, which is the canonical point to look at
for changes within the Debian packaging.

> I don't have that strong feelings about ServerAliveInterval/BatchMode,
> since I wouldn't see at least any direct way how to exploit this in terms
> of security.

The following patch does this:
http://sources.debian.net/src/openssh/1:6.7p1-2/debian/patches/keepalive-extensions.patch/

This is just an informal response. I am not related to the packaging
of openssh, just wanted to point out where those things come from.

Enjoy,
Rhonda
-- 
If you feel dispirited, take heart at last, go on  |
If you feel helpless, go out and help, go on       | Wir sind Helden
If you feel powerless, go out and act, go on       | 23.55: Alles auf Anfang
If you feel adrift, find a hold and let go         |
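
As an added example (not part of the original message and not code from the Debian package): a POSIX shell check over `ssh -G` output that flags the two settings discussed in this thread. It assumes OpenSSH 6.8 or later for `ssh -G` and upstream defaults of `ForwardX11Trusted no` and `ServerAliveInterval 0`; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the two Debian-specific client defaults from this thread
# in `ssh -G <host>` output (effective config; needs OpenSSH 6.8 or later).
# Upstream defaults assumed here: ForwardX11Trusted no, ServerAliveInterval 0.

# Reads "keyword value" lines on stdin, prints one finding per line.
# Returns 0 if both settings match upstream, 1 otherwise.
audit_ssh_defaults() {
    awk '
        { val[tolower($1)] = tolower($2) }
        END {
            rc = 0
            if (val["forwardx11trusted"] == "yes") {
                rc = 1
                if (val["forwardx11"] == "yes")
                    print "RISK forwardx11trusted=yes and forwardx11=yes: remote X11 clients get full access to the local display"
                else
                    print "NOTE forwardx11trusted=yes (upstream: no): takes effect once X11 forwarding is requested"
            }
            if (val["serveraliveinterval"] + 0 != 0) {
                rc = 1
                print "NOTE serveraliveinterval=" val["serveraliveinterval"] " (upstream: 0), batchmode=" val["batchmode"]
            }
            exit rc
        }'
}

# Constructed sample: excerpt shaped like `ssh -G` output on a Debian client
# run with BatchMode=yes and X11 forwarding enabled (not from a real host).
sample_debian_batch() {
    printf '%s\n' 'hostname example.invalid' 'batchmode yes' \
        'forwardx11 yes' 'forwardx11trusted yes' 'serveraliveinterval 300'
}

# Constructed sample: the same client with upstream values pinned in ssh_config.
sample_pinned() {
    printf '%s\n' 'hostname example.invalid' 'batchmode yes' \
        'forwardx11 no' 'forwardx11trusted no' 'serveraliveinterval 0'
}

# With arguments, audit a real destination; without, run the constructed sample.
if [ "$#" -gt 0 ]; then
    ssh -G "$@" | audit_ssh_defaults
else
    sample_debian_batch | audit_ssh_defaults || true
fi
```

Setting `ForwardX11Trusted no` and `ServerAliveInterval 0` explicitly under `Host *` in `ssh_config` takes precedence over the compiled-in defaults, which is the state the pinned sample represents.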