From 876066875f023eed8ec1cdbcee032585f49c5fe5 Mon Sep 17 00:00:00 2001 From: Jakub Bogusz Date: Thu, 27 Jun 2002 18:14:55 +0000 Subject: [PATCH] - updated config files (removed obsolete entries, added comments about new ones) - release 3 Changed files: openssh.conf -> 1.4 openssh.spec -> 1.127 opensshd.conf -> 1.10 --- openssh.conf | 23 +++++++------- openssh.spec | 2 +- opensshd.conf | 86 ++++++++++++++++++++++++++++++++++++--------------- 3 files changed, 74 insertions(+), 37 deletions(-) diff --git a/openssh.conf b/openssh.conf index 044dd01..f627da2 100644 --- a/openssh.conf +++ b/openssh.conf @@ -1,6 +1,7 @@ -# This is ssh client systemwide configuration file. This file provides -# defaults for users, and the values can be changed in per-user configuration -# files or on the command line. +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. # Configuration data is parsed as follows: # 1. command line options @@ -13,26 +14,26 @@ # Site-wide defaults for various options # Host * -# ForwardAgent yes -# ForwardX11 yes -# RhostsAuthentication yes -# RhostsRSAAuthentication yes +# ForwardAgent no +# ForwardX11 no +# RhostsAuthentication no +# RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes -# FallBackToRsh yes -# UseRsh no # BatchMode no # CheckHostIP yes -# StrictHostKeyChecking no +# StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity +# IdentityFile ~/.ssh/id_rsa +# IdentityFile ~/.ssh/id_dsa # Port 22 # Protocol 2,1 # Cipher 3des +# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ # Be paranoid by default Host * ForwardAgent no ForwardX11 no - FallBackToRsh no StrictHostKeyChecking no diff --git a/openssh.spec b/openssh.spec index 7d4aa38..e1ef5bc 100644 --- a/openssh.spec +++ b/openssh.spec 
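Review bot: The active `Host *` block under "Be paranoid by default" still ends with `StrictHostKeyChecking no`, while the same hunk updates the commented default above it to `StrictHostKeyChecking ask`. With `no`, the client records the key of a previously unseen host without prompting, so nobody verifies a first connection, which is the opposite of what the block's comment promises. I would change that last line to `StrictHostKeyChecking ask`, or drop it and rely on the default. Blank context lines and indentation are not visible in this collapsed view, so check the exact placement against the file.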
@@ -10,7 +10,7 @@ Summary(ru): OpenSSH - Summary(uk): OpenSSH - צÌØÎÁ ÒÅÁ̦ÚÁÃ¦Ñ ÐÒÏÔÏËÏÌÕ Secure Shell (SSH) Name: openssh Version: 3.4p1 -Release: 2 +Release: 3 License: BSD Group: Applications/Networking Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz diff --git a/opensshd.conf b/opensshd.conf index e5b26f2..2610743 100644 --- a/opensshd.conf +++ b/opensshd.conf 
@@ -1,52 +1,88 @@ -# This is ssh server systemwide configuration file. +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. Port 22 Protocol 1,2 #ListenAddress 0.0.0.0 #ListenAddress :: + +# HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key -ServerKeyBits 768 -LoginGraceTime 600 + +# Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 -PermitRootLogin no -# -# Don't read ~/.rhosts and ~/.shosts files -IgnoreRhosts yes -# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication -#IgnoreUserKnownHosts yes -StrictModes yes -X11Forwarding no -X11DisplayOffset 10 -X11UseLocalhost yes -PrintMotd yes -KeepAlive yes +ServerKeyBits 768 # Logging +#obsoletes QuietMode and FascistLogging SyslogFacility AUTH LogLevel INFO -#obsoletes QuietMode and FascistLogging +# Authentication: + +LoginGraceTime 600 +PermitRootLogin no +StrictModes yes + +RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# rhosts authentication should not be used RhostsAuthentication no -# +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no -# -RSAAuthentication yes +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! 
PasswordAuthentication yes PermitEmptyPasswords no -# Uncomment to disable s/key passwords -#SkeyAuthentication no -# To change Kerberos options +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes + +# Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + #AFSTokenPassing no -#KerberosTicketCleanup no -# Kerberos TGT Passing does only work with the AFS kaserver -#KerberosTgtPassing yes +# Kerberos TGT Passing only works with the AFS kaserver +#KerberosTgtPassing no +# Set this to 'yes' to enable PAM keyboard-interactive authentication +# Warning: enabling this may bypass the setting of 'PasswordAuthentication' +#PAMAuthenticationViaKbdInt yes + +X11Forwarding no +X11DisplayOffset 10 +X11UseLocalhost yes +PrintMotd yes +#PrintLastLog yes +KeepAlive yes UseLogin no +#UsePrivilegeSeparation yes +#Compression yes + +#MaxStartups 10 +# no default banner path +#Banner /some/path +#VerifyReverseMapping no + +# override default of no subsystems +#Subsystem sftp /usr/lib/openssh/sftp-server -- 2.44.0
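Review bot: `Protocol 1,2` stays uncommented near the top of opensshd.conf, so the server keeps accepting protocol version 1 connections, with the ephemeral server key set by `ServerKeyBits 768`. If version 1 is not required for legacy clients, `Protocol 2` would be the safer shipped setting, and the version 1 `HostKey`, `ServerKeyBits` and `KeyRegenerationInterval` lines could then stay commented. If it is required, a comment such as `# protocol 1 kept for legacy clients; remove when possible` would record the reason. Separately, the new header says uncommented options change a default, yet lines such as `Port 22` and `LogLevel INFO` appear to restate defaults. `#PAMAuthenticationViaKbdInt yes` also sits under "Set this to 'yes' to enable", which leaves the actual default unclear; since that option may bypass `PasswordAuthentication`, the comment should state the default explicitly.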