]>
Commit | Line | Data |
---|---|---|
2f55b62d JR |
1 | --- openssh-4.6p1/sshd_config~ 2007-10-13 01:37:17.000000000 +0200 |
2 | +++ openssh-4.6p1/sshd_config 2007-10-13 01:47:12.000000000 +0200 | |
3 | @@ -11,6 +11,7 @@ | |
4 | # default value. | |
5 | ||
6 | #Port 22 | |
7 | +Protocol 2 | |
8 | #Protocol 2,1 | |
9 | #AddressFamily any | |
10 | #ListenAddress 0.0.0.0 | |
11 | @@ -34,6 +35,7 @@ | |
12 | ||
13 | #LoginGraceTime 2m | |
14 | #PermitRootLogin yes | |
15 | +PermitRootLogin no | |
16 | #StrictModes yes | |
17 | #MaxAuthTries 6 | |
18 | ||
19 | @@ -50,10 +51,13 @@ | |
20 | #IgnoreUserKnownHosts no | |
21 | # Don't read the user's ~/.rhosts and ~/.shosts files | |
22 | #IgnoreRhosts yes | |
23 | +IgnoreRhosts yes | |
24 | ||
25 | # To disable tunneled clear text passwords, change to no here! | |
26 | #PasswordAuthentication yes | |
27 | #PermitEmptyPasswords no | |
28 | +PasswordAuthentication yes | |
29 | +PermitEmptyPasswords no | |
30 | ||
31 | # Change to no to disable s/key passwords | |
32 | #ChallengeResponseAuthentication yes | |
33 | @@ -66,6 +67,8 @@ | |
34 | # GSSAPI options | |
35 | #GSSAPIAuthentication no | |
36 | #GSSAPICleanupCredentials yes | |
37 | +GSSAPIAuthentication yes | |
38 | +GSSAPICleanupCredentials yes | |
39 | ||
40 | # Set this to 'yes' to enable PAM authentication, account processing, | |
41 | # and session processing. If this is enabled, PAM authentication will | |
42 | @@ -78,8 +79,16 @@ | |
43 | # PAM authentication, then enable this but set PasswordAuthentication | |
44 | # and ChallengeResponseAuthentication to 'no'. | |
45 | #UsePAM no | |
46 | +UsePAM yes | |
47 | + | |
48 | +# Set this to 'yes' to enable support for chrooted user environment. | |
49 | +# You must create such environment before you can use this feature. | |
50 | +#UseChroot yes | |
51 | ||
52 | #AllowTcpForwarding yes | |
53 | +# Security advisory: | |
54 | +# http://securitytracker.com/alerts/2004/Sep/1011143.html | |
55 | +AllowTcpForwarding no | |
56 | #GatewayPorts no | |
57 | #X11Forwarding no | |
58 | #X11DisplayOffset 10 | |
59 | @@ -106,6 +109,9 @@ | |
60 | # no default banner path | |
61 | #Banner /some/path | |
62 | ||
63 | +# Accept locale-related environment variables | |
64 | +AcceptEnv LANG LC_* | |
65 | + | |
66 | # override default of no subsystems | |
67 | Subsystem sftp /usr/libexec/sftp-server | |
68 | ||
69 | --- openssh-4.6p1/ssh_config~ 2006-06-13 05:01:10.000000000 +0200 | |
70 | +++ openssh-4.6p1/ssh_config 2007-10-13 02:00:16.000000000 +0200 | |
71 | @@ -20,12 +20,15 @@ | |
72 | # Host * | |
73 | # ForwardAgent no | |
74 | # ForwardX11 no | |
75 | +# ForwardX11Trusted yes | |
76 | # RhostsRSAAuthentication no | |
77 | # RSAAuthentication yes | |
78 | # PasswordAuthentication yes | |
79 | # HostbasedAuthentication no | |
80 | # GSSAPIAuthentication no | |
81 | # GSSAPIDelegateCredentials no | |
82 | +# GSSAPIKeyExchange no | |
83 | +# GSSAPITrustDNS no | |
84 | # BatchMode no | |
85 | # CheckHostIP yes | |
86 | # AddressFamily any | |
87 | @@ -42,3 +45,19 @@ | |
88 | # Tunnel no | |
89 | # TunnelDevice any:any | |
90 | # PermitLocalCommand no | |
91 | + | |
92 | +Host * | |
93 | + GSSAPIAuthentication yes | |
94 | + GSSAPIDelegateCredentials no | |
95 | + ForwardAgent no | |
96 | + ForwardX11 no | |
97 | +# If this option is set to yes then remote X11 clients will have full access | |
98 | +# to the original X11 display. As virtually no X11 client supports the untrusted | |
99 | +# mode correctly we set this to yes. | |
100 | + ForwardX11Trusted yes | |
101 | + StrictHostKeyChecking no | |
102 | + ServerAliveInterval 60 | |
103 | + ServerAliveCountMax 10 | |
104 | + TCPKeepAlive no | |
105 | +# Send locale-related environment variables | |
106 | + SendEnv LANG LC_* |