diff -Naur -x '*.orig' -x '*~' -x '*.rej' openssh-7.7p1/ssh_config openssh-7.7p1-config/ssh_config --- openssh-7.7p1/ssh_config 2018-04-02 07:38:28.000000000 +0200 +++ openssh-7.7p1-config/ssh_config 2018-08-16 18:57:00.116753297 +0200 @@ -19,7 +19,7 @@ # Host * # ForwardAgent no -# ForwardX11 no +ForwardX11 yes # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no @@ -44,3 +44,13 @@ # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h + +# If this option is set to yes then remote X11 clients will have full access +# to the original X11 display. As virtually no X11 client supports the untrusted +# mode correctly we set this to yes. +ForwardX11Trusted yes + +# Send locale-related environment variables +#SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +#SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +#SendEnv LC_IDENTIFICATION LC_ALL diff -Naur -x '*.orig' -x '*~' -x '*.rej' openssh-7.7p1/sshd_config openssh-7.7p1-config/sshd_config --- openssh-7.7p1/sshd_config 2018-04-02 07:38:28.000000000 +0200 +++ openssh-7.7p1-config/sshd_config 2018-08-16 18:58:42.777353720 +0200 @@ -3,7 +3,7 @@ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin +# This sshd was compiled with PATH=_OPENSSH_PATH_ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where @@ -15,9 +15,9 @@ #ListenAddress 0.0.0.0 #ListenAddress :: -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none @@ -79,12 +79,20 @@ # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. -#UsePAM no +# Warning: when running under systemd, and PAM usage is disabled, restarting +# SSH service will likely kill off any ssh connections, including the +# current one +UsePAM yes + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no -#X11Forwarding no +X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes