diff -Naur -x svn-commit.tmp~ -x '*.orig' openssh-8.5p1/ssh_config openssh-8.5p1-mageia/ssh_config --- openssh-8.5p1/ssh_config 2021-03-02 11:31:47.000000000 +0100 +++ openssh-8.5p1-mageia/ssh_config 2021-03-28 20:22:15.233638704 +0200 @@ -44,3 +44,10 @@ # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h # UserKnownHostsFile ~/.ssh/known_hosts.d/%k +# +# This system is following system-wide crypto policy. +# To modify the crypto properties (Ciphers, MACs, ...), create a *.conf +# file under /etc/ssh/ssh_config.d/ which will be automatically +# included below. For more information, see manual page for +# update-crypto-policies(8) and ssh_config(5). +Include /etc/ssh/ssh_config.d/*.conf diff -Naur -x svn-commit.tmp~ -x '*.orig' openssh-8.5p1/ssh_config_mageia openssh-8.5p1-mageia/ssh_config_mageia --- openssh-8.5p1/ssh_config_mageia 1970-01-01 01:00:00.000000000 +0100 +++ openssh-8.5p1-mageia/ssh_config_mageia 2021-03-28 20:22:49.446317393 +0200 @@ -0,0 +1,15 @@ +# The options here are in the "Match final block" to be applied as the last +# options and could be potentially overwritten by the user configuration +Match final all + # Follow system-wide Crypto Policy, if defined: + Include /etc/crypto-policies/back-ends/openssh.config + + ForwardX11 yes + +# If this option is set to yes then remote X11 clients will have full access +# to the original X11 display. As virtually no X11 client supports the untrusted +# mode correctly we set this to yes. + ForwardX11Trusted yes + +# Uncomment this if you want to use .local domain +# Host *.local diff -Naur -x svn-commit.tmp~ -x '*.orig' openssh-8.5p1/ssh_config_mageia~ openssh-8.5p1-mageia/ssh_config_mageia~ --- openssh-8.5p1/ssh_config_mageia~ 1970-01-01 01:00:00.000000000 +0100 +++ openssh-8.5p1-mageia/ssh_config_mageia~ 2021-03-28 20:22:15.233638704 +0200 @@ -0,0 +1,21 @@ +# The options here are in the "Match final block" to be applied as the last +# options and could be potentially overwritten by the user configuration +Match final all + # Follow system-wide Crypto Policy, if defined: + Include /etc/crypto-policies/back-ends/openssh.config + + ForwardX11 yes + +# If this option is set to yes then remote X11 clients will have full access +# to the original X11 display. As virtually no X11 client supports the untrusted +# mode correctly we set this to yes. + ForwardX11Trusted yes + +# Send locale-related environment variables + #SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES + #SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT + #SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE + #SendEnv XMODIFIERS + +# Uncomment this if you want to use .local domain +# Host *.local diff -Naur -x svn-commit.tmp~ -x '*.orig' openssh-8.5p1/sshd_config openssh-8.5p1-mageia/sshd_config --- openssh-8.5p1/sshd_config 2021-03-02 11:31:47.000000000 +0100 +++ openssh-8.5p1-mageia/sshd_config 2021-03-28 20:22:15.234638695 +0200 @@ -3,13 +3,17 @@ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin +# This sshd was compiled with PATH=_OPENSSH_PATH_ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. +# To modify the system-wide sshd configuration, create a *.conf file under +# /etc/ssh/sshd_config.d/ which will be automatically included below +Include /etc/ssh/sshd_config.d/*.conf + #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 diff -Naur -x svn-commit.tmp~ -x '*.orig' openssh-8.5p1/sshd_config.0 openssh-8.5p1-mageia/sshd_config.0 --- openssh-8.5p1/sshd_config.0 2021-03-02 13:04:59.000000000 +0100 +++ openssh-8.5p1-mageia/sshd_config.0 2021-03-28 20:22:15.234638695 +0200 @@ -1009,9 +1009,9 @@ SyslogFacility Gives the facility code that is used when logging messages from - sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0, - LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The - default is AUTH. + sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV, + LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. + The default is AUTH. TCPKeepAlive Specifies whether the system should send TCP keepalive messages diff -Naur -x svn-commit.tmp~ -x '*.orig' openssh-8.5p1/sshd_config.5 openssh-8.5p1-mageia/sshd_config.5 --- openssh-8.5p1/sshd_config.5 2021-03-02 11:31:47.000000000 +0100 +++ openssh-8.5p1-mageia/sshd_config.5 2021-03-28 20:22:15.235638685 +0200 @@ -1676,7 +1676,7 @@ .It Cm SyslogFacility Gives the facility code that is used when logging messages from .Xr sshd 8 . -The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, +The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH. .It Cm TCPKeepAlive diff -Naur -x svn-commit.tmp~ -x '*.orig' openssh-8.5p1/sshd_config_mageia openssh-8.5p1-mageia/sshd_config_mageia --- openssh-8.5p1/sshd_config_mageia 1970-01-01 01:00:00.000000000 +0100 +++ openssh-8.5p1-mageia/sshd_config_mageia 2021-03-28 20:22:27.132526954 +0200 @@ -0,0 +1,10 @@ +# This system is following system-wide crypto policy. The changes to +# crypto properties (Ciphers, MACs, ...) will not have any effect in +# this or following included files. To override some configuration option, +# write it before this block or include it before this file. +# Please, see manual pages for update-crypto-policies(8) and sshd_config(5). +Include /etc/crypto-policies/back-ends/opensshserver.config + +UsePAM yes + +X11Forwarding yes diff -Naur -x svn-commit.tmp~ -x '*.orig' openssh-8.5p1/sshd_config_mageia~ openssh-8.5p1-mageia/sshd_config_mageia~ --- openssh-8.5p1/sshd_config_mageia~ 1970-01-01 01:00:00.000000000 +0100 +++ openssh-8.5p1-mageia/sshd_config_mageia~ 2021-03-28 20:22:15.236638676 +0200 @@ -0,0 +1,16 @@ +# This system is following system-wide crypto policy. The changes to +# crypto properties (Ciphers, MACs, ...) will not have any effect in +# this or following included files. To override some configuration option, +# write it before this block or include it before this file. +# Please, see manual pages for update-crypto-policies(8) and sshd_config(5). +Include /etc/crypto-policies/back-ends/opensshserver.config + +UsePAM yes + +X11Forwarding yes + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS