Jan F. Chadima c6801b
diff -up openssh-5.6p1/ssh_config.redhat openssh-5.6p1/ssh_config
Jan F. Chadima c6801b
--- openssh-5.6p1/ssh_config.redhat	2010-01-12 09:40:27.000000000 +0100
Jan F. Chadima c6801b
+++ openssh-5.6p1/ssh_config	2010-09-03 15:21:17.000000000 +0200
974c89
@@ -45,3 +45,14 @@
15914f
 #   PermitLocalCommand no
15914f
 #   VisualHostKey no
974c89
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
15914f
+Host *
15914f
+	GSSAPIAuthentication yes
15914f
+# If this option is set to yes then remote X11 clients will have full access
15914f
+# to the original X11 display. As virtually no X11 client supports the untrusted
15914f
+# mode correctly we set this to yes.
15914f
+	ForwardX11Trusted yes
15914f
+# Send locale-related environment variables
15914f
+	SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
15914f
+	SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
15914f
+	SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
15914f
+	SendEnv XMODIFIERS
Jan F. Chadima c6801b
diff -up openssh-5.6p1/sshd_config.0.redhat openssh-5.6p1/sshd_config.0
Jan F. Chadima c6801b
--- openssh-5.6p1/sshd_config.0.redhat	2010-08-23 05:24:16.000000000 +0200
Jan F. Chadima c6801b
+++ openssh-5.6p1/sshd_config.0	2010-09-03 15:23:20.000000000 +0200
Jan F. Chadima c6801b
@@ -537,9 +537,9 @@ DESCRIPTION
15914f
 
15914f
      SyslogFacility
15914f
              Gives the facility code that is used when logging messages from
15914f
-             sshd(8).  The possible values are: DAEMON, USER, AUTH, LOCAL0,
Jan F. Chadima c6801b
-             LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The
Jan F. Chadima c6801b
-             default is AUTH.
15914f
+             sshd(8).  The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
15914f
+             LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
15914f
+             The default is AUTH.
15914f
 
15914f
      TCPKeepAlive
15914f
              Specifies whether the system should send TCP keepalive messages
Jan F. Chadima c6801b
diff -up openssh-5.6p1/sshd_config.5.redhat openssh-5.6p1/sshd_config.5
Jan F. Chadima c6801b
--- openssh-5.6p1/sshd_config.5.redhat	2010-07-02 05:37:17.000000000 +0200
Jan F. Chadima c6801b
+++ openssh-5.6p1/sshd_config.5	2010-09-03 15:21:17.000000000 +0200
Jan F. Chadima c6801b
@@ -919,7 +919,7 @@ Note that this option applies to protoco
15914f
 .It Cm SyslogFacility
15914f
 Gives the facility code that is used when logging messages from
15914f
 .Xr sshd 8 .
15914f
-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
15914f
+The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
15914f
 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
15914f
 The default is AUTH.
15914f
 .It Cm TCPKeepAlive
Jan F. Chadima c6801b
diff -up openssh-5.6p1/sshd_config.redhat openssh-5.6p1/sshd_config
Jan F. Chadima c6801b
--- openssh-5.6p1/sshd_config.redhat	2009-10-11 12:51:09.000000000 +0200
Jan F. Chadima c6801b
+++ openssh-5.6p1/sshd_config	2010-09-03 15:21:17.000000000 +0200
974c89
@@ -31,6 +31,7 @@
ad07b9
 # Logging
ad07b9
 # obsoletes QuietMode and FascistLogging
ad07b9
 #SyslogFacility AUTH
ad07b9
+SyslogFacility AUTHPRIV
ad07b9
 #LogLevel INFO
ad07b9
 
ad07b9
 # Authentication:
974c89
@@ -58,9 +59,11 @@
ad07b9
 # To disable tunneled clear text passwords, change to no here!
ad07b9
 #PasswordAuthentication yes
ad07b9
 #PermitEmptyPasswords no
ad07b9
+PasswordAuthentication yes
ad07b9
 
ad07b9
 # Change to no to disable s/key passwords
ad07b9
 #ChallengeResponseAuthentication yes
ad07b9
+ChallengeResponseAuthentication no
ad07b9
 
ad07b9
 # Kerberos options
ad07b9
 #KerberosAuthentication no
974c89
@@ -70,7 +73,9 @@
ad07b9
 
ad07b9
 # GSSAPI options
ad07b9
 #GSSAPIAuthentication no
ad07b9
+GSSAPIAuthentication yes
ad07b9
 #GSSAPICleanupCredentials yes
ad07b9
+GSSAPICleanupCredentials yes
ad07b9
 
ad07b9
 # Set this to 'yes' to enable PAM authentication, account processing, 
ad07b9
 # and session processing. If this is enabled, PAM authentication will 
974c89
@@ -82,11 +87,19 @@
ad07b9
 # PAM authentication, then enable this but set PasswordAuthentication
ad07b9
 # and ChallengeResponseAuthentication to 'no'.
ad07b9
 #UsePAM no
ad07b9
+UsePAM yes
93a474
+
b9a07a
+# Accept locale-related environment variables
b9a07a
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
b9a07a
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
b9a07a
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
15914f
+AcceptEnv XMODIFIERS
ad07b9
 
93a474
 #AllowAgentForwarding yes
ad07b9
 #AllowTcpForwarding yes
ad07b9
 #GatewayPorts no
ad07b9
 #X11Forwarding no
ad07b9
+X11Forwarding yes
ad07b9
 #X11DisplayOffset 10
ad07b9
 #X11UseLocalhost yes
ad07b9
 #PrintMotd yes