- updated config files (removed obsolete entries, added comments about new ones)

- release 3

Changed files:
    openssh.conf -> 1.4
    openssh.spec -> 1.127
    opensshd.conf -> 1.10

diff --git a/openssh.conf b/openssh.conf
index 044dd0167ad0a33810b1c0db57e8edcdbd23c16f..f627da23fa542e500e91a29fb04b2f9f96875d8f 100644 (file)
--- a/openssh.conf
+++ b/openssh.conf
@@ -1,6 +1,7 @@
-# This is ssh client systemwide configuration file.  This file provides 
-# defaults for users, and the values can be changed in per-user configuration
-# files or on the command line.
+# This is the ssh client system-wide configuration file.  See
+# ssh_config(5) for more information.  This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
 
 # Configuration data is parsed as follows:
 #  1. command line options
@@ -13,26 +14,26 @@
 # Site-wide defaults for various options
 
 # Host *
-#   ForwardAgent yes
-#   ForwardX11 yes
-#   RhostsAuthentication yes
-#   RhostsRSAAuthentication yes
+#   ForwardAgent no
+#   ForwardX11 no
+#   RhostsAuthentication no
+#   RhostsRSAAuthentication no
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
-#   FallBackToRsh yes
-#   UseRsh no
 #   BatchMode no
 #   CheckHostIP yes
-#   StrictHostKeyChecking no
+#   StrictHostKeyChecking ask
 #   IdentityFile ~/.ssh/identity
+#   IdentityFile ~/.ssh/id_rsa
+#   IdentityFile ~/.ssh/id_dsa
 #   Port 22
 #   Protocol 2,1
 #   Cipher 3des
+#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
 #   EscapeChar ~
 
 # Be paranoid by default
 Host *
        ForwardAgent no
        ForwardX11 no
-       FallBackToRsh no
        StrictHostKeyChecking no

diff --git a/openssh.spec b/openssh.spec
index 7d4aa380db71a5f36ae7ef6cfc782dc892101175..e1ef5bc2bab7be063851a8c4be5a578d3fc83565 100644 (file)
--- a/openssh.spec
+++ b/openssh.spec
@@ -10,7 +10,7 @@ Summary(ru):  OpenSSH - 
 Summary(uk):   OpenSSH - צÌØÎÁ ÒÅÁ̦ÚÁÃ¦Ñ ÐÒÏÔÏËÏÌÕ Secure Shell (SSH)
 Name:          openssh
 Version:       3.4p1
-Release:       2
+Release:       3
 License:       BSD
 Group:         Applications/Networking
 Source0:       ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz

diff --git a/opensshd.conf b/opensshd.conf
index e5b26f22a5b353579226342b47862424165dd02e..261074333eab80d8d41537d0ccd03edded6cebc5 100644 (file)
--- a/opensshd.conf
+++ b/opensshd.conf
@@ -1,52 +1,88 @@
-# This is ssh server systemwide configuration file.
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options change a
+# default value.
 
 Port 22
 Protocol 1,2
 #ListenAddress 0.0.0.0
 #ListenAddress ::
+
+# HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_dsa_key
-ServerKeyBits 768
-LoginGraceTime 600
+
+# Lifetime and size of ephemeral version 1 server key
 KeyRegenerationInterval 3600
-PermitRootLogin no
-#
-# Don't read ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-StrictModes yes
-X11Forwarding no
-X11DisplayOffset 10
-X11UseLocalhost yes
-PrintMotd yes
-KeepAlive yes
+ServerKeyBits 768
 
 # Logging
+#obsoletes QuietMode and FascistLogging
 SyslogFacility AUTH
 LogLevel INFO
-#obsoletes QuietMode and FascistLogging
 
+# Authentication:
+
+LoginGraceTime 600
+PermitRootLogin no
+StrictModes yes
+
+RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile    .ssh/authorized_keys
+
+# rhosts authentication should not be used
 RhostsAuthentication no
-#
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
 # For this to work you will also need host keys in /etc/ssh_known_hosts
 RhostsRSAAuthentication no
-#
-RSAAuthentication yes
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
 
 # To disable tunneled clear text passwords, change to no here!
 PasswordAuthentication yes
 PermitEmptyPasswords no
-# Uncomment to disable s/key passwords 
-#SkeyAuthentication no
 
-# To change Kerberos options
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
 #KerberosAuthentication no
 #KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
 #AFSTokenPassing no
-#KerberosTicketCleanup no
 
-# Kerberos TGT Passing does only work with the AFS kaserver
-#KerberosTgtPassing yes
+# Kerberos TGT Passing only works with the AFS kaserver
+#KerberosTgtPassing no
 
+# Set this to 'yes' to enable PAM keyboard-interactive authentication 
+# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
+#PAMAuthenticationViaKbdInt yes
+
+X11Forwarding no
+X11DisplayOffset 10
+X11UseLocalhost yes
+PrintMotd yes
+#PrintLastLog yes
+KeepAlive yes
 UseLogin no
+#UsePrivilegeSeparation yes
+#Compression yes
+
+#MaxStartups 10
+# no default banner path
+#Banner /some/path
+#VerifyReverseMapping no
+
+# override default of no subsystems
+#Subsystem     sftp    /usr/lib/openssh/sftp-server