sshd_config: AcceptEnv LANG, LANGUAGE LC_*

but not LC_ALL and there is no asterisk, the varibles are allowed
separately. It's very unlikely that someone invents a new locale type.
This commit is contained in:
Aminda Suomalainen 2015-09-06 18:36:48 +03:00
parent a3d5fbd9d7
commit 801e3e0941

View File

@ -6,9 +6,14 @@
# where some comments are took. Some options look like I don't want to # where some comments are took. Some options look like I don't want to
# change them to get updates when defaults change. # change them to get updates when defaults change.
# No environment variable is accepted for security reasons, e.g. # Accept locale environment variables which the client sends.
# shellshock worked with remotely accepted environment variables. # This might be risky e.g. ShellShock, but as this is suggested at
#AcceptEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION # Debian Wiki https://wiki.debian.org/Locale#SSH and Kapsi
# https://www.kapsi.fi/english has it, I accept locales manually.
# LC_ALL is missing intentionally as it's only for debugging/testing
# purpouses and if you really need it on the target system, set it there,
# it doesn't have to come from the client.
AcceptEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION
# IPv4 & IPv6 # IPv4 & IPv6
AddressFamily any AddressFamily any