From 801e3e094193b037213080a5bdd81452ea24286d Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela+git@mikaela.info>
Date: Sun, 6 Sep 2015 18:36:48 +0300
Subject: [PATCH] sshd_config: AcceptEnv LANG, LANGUAGE LC_*

but not LC_ALL and there is no asterisk, the varibles are allowed
separately. It's very unlikely that someone invents a new locale type.
---
 etc/ssh/sshd_config | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config
index d559566e..9b499397 100644
--- a/etc/ssh/sshd_config
+++ b/etc/ssh/sshd_config
@@ -6,9 +6,14 @@
 # where some comments are took. Some options look like I don't want to
 # change them to get updates when defaults change.
 
-# No environment variable is accepted for security reasons, e.g.
-# shellshock worked with remotely accepted environment variables.
-#AcceptEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION
+# Accept locale environment variables which the client sends.
+# This might be risky e.g. ShellShock, but as this is suggested at
+# Debian Wiki https://wiki.debian.org/Locale#SSH and Kapsi
+# https://www.kapsi.fi/english has it, I accept locales manually.
+# LC_ALL is missing intentionally as it's only for debugging/testing
+# purpouses and if you really need it on the target system, set it there,
+# it doesn't have to come from the client.
+AcceptEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION
 
 # IPv4 & IPv6
 AddressFamily any