From owner-freebsd-questions Thu Jun 27 13:53:43 2002 Delivered-To: freebsd-questions@freebsd.org Received: from out0.mx.nwbl.wi.voyager.net (out0.mx.nwbl.wi.voyager.net [169.207.3.118]) by hub.freebsd.org (Postfix) with ESMTP id EAE9337B400 for ; Thu, 27 Jun 2002 13:53:39 -0700 (PDT) Received: from shell.core.com (shell.core.com [169.207.1.89]) by out0.mx.nwbl.wi.voyager.net (8.12.3/8.11.4/1.7) with ESMTP id g5RKrdj4010708 for ; Thu, 27 Jun 2002 15:53:39 -0500 Received: from localhost (raiden@localhost) by shell.core.com (8.11.6/8.11.6/1.3) with ESMTP id g5RKrcL26728 for ; Thu, 27 Jun 2002 15:53:38 -0500 (CDT) Date: Thu, 27 Jun 2002 15:53:38 -0500 (CDT) From: Steven Lake X-X-Sender: raiden@shell.core.com To: freebsd-questions@FreeBSD.ORG Subject: sshd_config question Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG HI all. Quick question. After doing some reading I noticed something about the openssh vulnerability and I had a question. Here's my sshd_config file, does it have everything set correctly to be clear of the vulnerability? Just curious. Thanks. # $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $ # $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.6 2001/09/28 01:33:35 green Exp $ # This is the sshd server system-wide configuration file. See sshd(8) # for more information. Port 22 Protocol 2 #ListenAddress 0.0.0.0 #ListenAddress :: HostKey /etc/ssh/ssh_host_dsa_key ServerKeyBits 768 LoginGraceTime 120 KeyRegenerationInterval 3600 PermitRootLogin no # ConnectionsPerPeriod has been deprecated completely # After 10 unauthenticated connections, refuse 30% of the new ones, and # refuse any more than 60 total. MaxStartups 10:30:60 # Don't read ~/.rhosts and ~/.shosts files IgnoreRhosts yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes #PrintLastLog no KeepAlive yes # Logging SyslogFacility AUTH LogLevel DEBUG #obsoletes QuietMode and FascistLogging RhostsAuthentication no # # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # RSAAuthentication yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no PermitEmptyPasswords no # Uncomment to disable s/key passwords ChallengeResponseAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net #ReverseMappingCheck yes Subsystem sftp /usr/libexec/sftp-server #UsePrivilegeSeparation no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message