Commit | Line | Data |
---|---|---|
2f55b62d JR |
1 | --- openssh-4.6p1/sshd_config~ 2007-10-13 01:37:17.000000000 +0200 |
2 | +++ openssh-4.6p1/sshd_config 2007-10-13 01:47:12.000000000 +0200 | |
4c64cbae AM |
3 | @@ -41,7 +41,7 @@ |
4 | # Authentication: | |
2f55b62d JR |
5 | |
6 | #LoginGraceTime 2m | |
f9d8b6a7 | 7 | -#PermitRootLogin prohibit-password |
2f55b62d JR |
8 | +PermitRootLogin no |
9 | #StrictModes yes | |
10 | #MaxAuthTries 6 | |
4c64cbae | 11 | #MaxSessions 10 |
7b7580be | 12 | @@ -50,10 +51,16 @@ |
2f55b62d JR |
13 | #IgnoreUserKnownHosts no |
14 | # Don't read the user's ~/.rhosts and ~/.shosts files | |
15 | #IgnoreRhosts yes | |
16 | +IgnoreRhosts yes | |
17 | ||
18 | # To disable tunneled clear text passwords, change to no here! | |
19 | #PasswordAuthentication yes | |
20 | #PermitEmptyPasswords no | |
21 | +PasswordAuthentication yes | |
22 | +PermitEmptyPasswords no | |
7b7580be ER |
23 | + |
24 | +# Allow DSA keys | |
0c97474b | 25 | +PubkeyAcceptedKeyTypes +ssh-dss |
2f55b62d JR |
26 | |
27 | # Change to no to disable s/key passwords | |
28 | #ChallengeResponseAuthentication yes | |
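Review bot: `PubkeyAcceptedKeyTypes +ssh-dss` at patch line 25 re-enables DSA user keys for every account on the server, while the ssh_config hunk of this same patch leaves the equivalent client lines commented out. ssh-dss is limited to 1024-bit keys with SHA-1 signatures, which is why OpenSSH stopped accepting it by default in 7.0. I would ship it as `#PubkeyAcceptedKeyTypes +ssh-dss` with a comment marking it as a legacy opt-in, or confine it to a `Match` block for the accounts that still depend on it. The explicit `PasswordAuthentication yes` above it also deserves a one-line comment recommending `no` once keys are deployed, since it leaves password guessing open for non-root accounts.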
7b7580be | 29 | @@ -66,6 +70,8 @@ |
2f55b62d JR |
30 | # GSSAPI options |
31 | #GSSAPIAuthentication no | |
32 | #GSSAPICleanupCredentials yes | |
33 | +GSSAPIAuthentication yes | |
34 | +GSSAPICleanupCredentials yes | |
35 | ||
36 | # Set this to 'yes' to enable PAM authentication, account processing, | |
37 | # and session processing. If this is enabled, PAM authentication will | |
7b7580be | 38 | @@ -89,10 +92,12 @@ |
fc8529e5 | 39 | # If you just want the PAM account and session checks to run without |
2f55b62d JR |
40 | # PAM authentication, then enable this but set PasswordAuthentication |
41 | # and ChallengeResponseAuthentication to 'no'. | |
fc8529e5 | 42 | -#UsePAM no |
2f55b62d | 43 | +UsePAM yes |
2f55b62d | 44 | |
fc8529e5 AM |
45 | #AllowAgentForwarding yes |
46 | -#AllowTcpForwarding yes | |
2f55b62d JR |
47 | +# Security advisory: |
48 | +# http://securitytracker.com/alerts/2004/Sep/1011143.html | |
49 | +AllowTcpForwarding no | |
50 | #GatewayPorts no | |
51 | #X11Forwarding no | |
52 | #X11DisplayOffset 10 | |
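Review bot: The comment above `AllowTcpForwarding no` (patch lines 47-48) is only an advisory URL, so once the link goes stale the file no longer says what the setting is meant to mitigate. sshd_config(5) also notes that disabling TCP forwarding does not improve security for users who have shell access, because they can run their own forwarders. I would replace the bare link with a self-contained comment such as `# TCP forwarding is disabled by default in this package; this does not constrain users with shell access`, and keep the URL as a secondary reference.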
7b7580be | 53 | @@ -106,6 +112,9 @@ |
2f55b62d JR |
54 | # no default banner path |
55 | #Banner /some/path | |
56 | ||
d63b3d02 | 57 | +# Accept locale-related environment variables, also accept some GIT vars |
11890360 | 58 | +AcceptEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL |
2f55b62d JR |
59 | + |
60 | # override default of no subsystems | |
61 | Subsystem sftp /usr/libexec/sftp-server | |
62 | ||
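Review bot: `AcceptEnv` at patch line 58 lets any client set `TZ`, `LC_*`, `XMODIFIERS` and the `GIT_*` identity variables in the server-side session, and that includes sessions confined by `ForceCommand` or a restricted shell. sshd_config(5) warns that accepted variables can be used to bypass restricted user environments. The `GIT_AUTHOR_*` and `GIT_COMMITTER_*` values are asserted by the client, so server-side tooling that records them should not treat them as an authenticated identity. I would extend the comment with `# Values are client-controlled; trim this list on hosts with ForceCommand or restricted accounts`.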
7b7580be | 63 | @@ -119,6 +133,10 @@ |
06629a71 ER |
64 | # override default of no subsystems |
65 | Subsystem sftp /usr/libexec/sftp-server | |
66 | ||
67 | +# Uncomment this if you want to use .local domain | |
68 | +#Host *.local | |
69 | +# CheckHostIP no | |
70 | + | |
71 | # Example of overriding settings on a per-user basis | |
72 | #Match User anoncvs | |
73 | # X11Forwarding no | |
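Review bot: The commented block added at patch lines 67-69 sits in sshd_config, but `Host` and `CheckHostIP` are ssh_config (client) keywords. An administrator who follows the "Uncomment this" instruction would give sshd a configuration it rejects as a bad option, which can stop the daemon from starting on the next restart. The block belongs in the ssh_config part of this patch. Wherever it ends up, the comment should say that `CheckHostIP no` turns off the address check against known_hosts for those hosts, for example `# CheckHostIP no disables the known_hosts IP check that helps detect DNS spoofing`.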
2f55b62d JR |
74 | --- openssh-4.6p1/ssh_config~ 2006-06-13 05:01:10.000000000 +0200 |
75 | +++ openssh-4.6p1/ssh_config 2007-10-13 02:00:16.000000000 +0200 | |
76 | @@ -20,12 +20,15 @@ | |
77 | # Host * | |
78 | # ForwardAgent no | |
79 | # ForwardX11 no | |
80 | +# ForwardX11Trusted yes | |
81 | # RhostsRSAAuthentication no | |
82 | # RSAAuthentication yes | |
83 | # PasswordAuthentication yes | |
84 | # HostbasedAuthentication no | |
85 | # GSSAPIAuthentication no | |
86 | # GSSAPIDelegateCredentials no | |
87 | +# GSSAPIKeyExchange no | |
88 | +# GSSAPITrustDNS no | |
89 | # BatchMode no | |
90 | # CheckHostIP yes | |
91 | # AddressFamily any | |
25820f44 | 92 | @@ -42,3 +45,22 @@ |
cf9d1078 | 93 | # VisualHostKey no |
08811ee8 | 94 | # ProxyCommand ssh -q -W %h:%p gateway.example.com |
0fab2cab | 95 | # RekeyLimit 1G 1h |
2f55b62d JR |
96 | + |
97 | +Host * | |
98 | + GSSAPIAuthentication yes | |
99 | + GSSAPIDelegateCredentials no | |
100 | + ForwardAgent no | |
101 | + ForwardX11 no | |
102 | +# If this option is set to yes then remote X11 clients will have full access | |
103 | +# to the original X11 display. As virtually no X11 client supports the untrusted | |
104 | +# mode correctly we set this to yes. | |
105 | + ForwardX11Trusted yes | |
106 | + StrictHostKeyChecking no | |
107 | + ServerAliveInterval 60 | |
108 | + ServerAliveCountMax 10 | |
109 | + TCPKeepAlive no | |
0c97474b | 110 | + # Allow DSA keys |
4cf40faf | 111 | +# PubkeyAcceptedKeyTypes +ssh-dss |
00b8e873 | 112 | +# HostkeyAlgorithms +ssh-dss |
d63b3d02 | 113 | +# Send locale-related environment variables, also pass some GIT vars |
11890360 | 114 | + SendEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL |
3e8be83d | 115 | + HashKnownHosts yes |
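Review bot: `StrictHostKeyChecking no` under `Host *` (patch line 106) makes every client on the system add unknown host keys to known_hosts without asking, so the first connection to any host is never verified, and connections to hosts whose key has changed are still allowed to proceed. As a packaged default this removes the main protection against a machine-in-the-middle for all users, and `HashKnownHosts yes` a few lines below does nothing to offset it. I would drop the line so the built-in `ask` applies, or use `StrictHostKeyChecking accept-new` if the shipped OpenSSH version supports it (7.6 or later) and unattended first connections are required. Separately, `ForwardX11Trusted yes` is harmless while `ForwardX11 no` stays, but its comment should warn that enabling forwarding then gives remote X11 clients full access to the local display.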