authorDamien Miller <djm@mindrot.org>2001-11-12 10:36:21 +1100
committerDamien Miller <djm@mindrot.org>2001-11-12 10:36:21 +1100
commitaba690c100734ac8bad501ecd982266571103873 (patch)
tree9b0133be3029dfa181d02320f72f6b80c1020081
parentf41d618fec126ae0d8083e2cc4c2074fbf023759 (diff)
- (djm) Cygwin config patch from Corinna Vinschen <vinschen@redhat.com>
-rw-r--r--ChangeLog3
-rw-r--r--contrib/cygwin/ssh-host-config95
2 files changed, 50 insertions, 48 deletions
diff --git a/ChangeLog b/ChangeLog
index 8dc679a6..c1cd7641 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
20011112
- (djm) Makefile correctness fix from Mark D. Baushke <mdb@juniper.net>
+ - (djm) Cygwin config patch from Corinna Vinschen <vinschen@redhat.com>
20011109
- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
@@ -6809,4 +6810,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1633 2001/11/11 23:34:22 djm Exp $
+$Id: ChangeLog,v 1.1634 2001/11/11 23:36:21 djm Exp $
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index 83eff3a1..bfeee7fc 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -98,7 +98,7 @@ then
echo
echo "There are still ssh processes running. Please shut them down first."
echo
- exit 1
+ #exit 1
fi
# Check for ${SYSCONFDIR} directory
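Review bot: With `exit 1` turned into `#exit 1`, the script still prints "There are still ssh processes running. Please shut them down first." but then carries on with the rest of the host configuration while those processes are live. The commit description only mentions a config patch, so this looks like a debugging leftover rather than an intended change. Either restore `exit 1`, or, if continuing is deliberate, reword the message as a warning and ask for confirmation before going on. The enclosing `if` starts above the hunk, so the exact condition being tested is not visible here.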
@@ -234,9 +234,9 @@ then
# Site-wide defaults for various options
# Host *
-# ForwardAgent yes
-# ForwardX11 yes
-# RhostsAuthentication yes
+# ForwardAgent no
+# ForwardX11 no
+# RhostsAuthentication no
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
@@ -244,22 +244,14 @@ then
# UseRsh no
# BatchMode no
# CheckHostIP yes
-# StrictHostKeyChecking no
+# StrictHostKeyChecking yes
+# IdentityFile ~/.ssh/identity
+# IdentityFile ~/.ssh/id_dsa
+# IdentityFile ~/.ssh/id_rsa
# Port 22
# Protocol 2,1
-# Cipher 3des
+# Cipher blowfish
# EscapeChar ~
-
-# Be paranoid by default
-Host *
- ForwardAgent no
- ForwardX11 no
- FallBackToRsh no
-
-# Try authentification with the following identities
- IdentityFile ~/.ssh/identity
- IdentityFile ~/.ssh/id_rsa
- IdentityFile ~/.ssh/id_dsa
EOF
if [ "$port_number" != "22" ]
then
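Review bot: Removing the active `Host *` block leaves the generated ssh_config with comments only, so `ForwardAgent no`, `ForwardX11 no` and `FallBackToRsh no` are no longer set by the file and the client uses whatever defaults it was built with. If that is the intent, the heredoc should say so at the top, for example `# Every option below is commented out; uncomment a line to override the client's built-in default.` It is also worth confirming that the sample values shown here and in the previous hunk (`ForwardAgent no`, `StrictHostKeyChecking yes`, `Cipher blowfish`) really match those built-in defaults, because a reader will take the commented lines as the effective policy. The heredoc begins above this hunk and the trailing `if` continues below it.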
@@ -288,60 +280,69 @@ if [ ! -f "${SYSCONFDIR}/sshd_config" ]
then
echo "Generating ${SYSCONFDIR}/sshd_config file"
cat > ${SYSCONFDIR}/sshd_config << EOF
-# This is ssh server systemwide configuration file.
+# This is the sshd server system-wide configuration file. See sshd(8)
+# for more information.
Port $port_number
-#
-Protocol 2,1
-ListenAddress 0.0.0.0
+#Protocol 2,1
+#ListenAddress 0.0.0.0
#ListenAddress ::
-#
-# Uncomment the following lines according to the used authentication
+
+# HostKey for protocol version 1
HostKey /etc/ssh_host_key
+# HostKeys for protocol version 2
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server ke
+KeyRegenerationInterval 3600
ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+#obsoletes QuietMode and FascistLogging
+
+# Authentication:
+
LoginGraceTime 600
-KeyRegenerationInterval 3600
PermitRootLogin yes
-#
-# Don't read ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-
-#
# The following setting overrides permission checks on host key files
# and directories. For security reasons set this to "yes" when running
# NT/W2K, NTFS and CYGWIN=ntsec.
StrictModes no
-X11Forwarding no
-X11DisplayOffset 10
-PrintMotd yes
-KeepAlive yes
-
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
-#obsoletes QuietMode and FascistLogging
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile %h/.ssh/authorized_keys
+# rhosts authentication should not be used
RhostsAuthentication no
-#
+# Don't read ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
-RSAAuthentication yes
-
+# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
-CheckMail no
-UseLogin no
+X11Forwarding no
+X11DisplayOffset 10
+PrintMotd yes
+#PrintLastLog no
+KeepAlive yes
+#UseLogin no
-#Uncomment if you want to enable sftp
-#Subsystem sftp /usr/sbin/sftp-server
#MaxStartups 10:30:60
+#Banner /etc/issue.net
+#ReverseMappingCheck yes
+
+Subsystem sftp /usr/sbin/sftp-server
EOF
fi
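Review bot: The regrouped authentication section now writes `PubkeyAuthentication yes` while `StrictModes no` stays the generated default just above it, so sshd will not check ownership and modes of the user's home directory and key files before accepting a login. The comment in the heredoc already says to use "yes" on NT/W2K with NTFS and CYGWIN=ntsec; the script could test for that environment and emit `StrictModes yes` there, or at least print a notice after generating the file. Separately, `Subsystem sftp /usr/sbin/sftp-server` moves from an opt-in comment to enabled by default, which widens what a fresh install exposes and deserves a mention in the ChangeLog entry. The added comment `# Lifetime and size of ephemeral version 1 server ke` is also cut short and should end in `key`.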