Re: Q: respecting .ssh/id_rsa




For security you can make these changes; I am being lazy and just pulled these from my scripts:

# Append hardening settings to the sshd configuration
echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config
echo "HostbasedAuthentication no" >> /etc/ssh/sshd_config
echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
echo "Banner /etc/issue" >> /etc/ssh/sshd_config
echo "ClientAliveInterval 900" >> /etc/ssh/sshd_config
echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr" >> /etc/ssh/sshd_config
echo "PermitUserEnvironment no" >> /etc/ssh/sshd_config
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
echo "Protocol 2" >> /etc/ssh/sshd_config
# Switch an existing "PrintLastLog no" line to "yes" in place
sed -i 's@PrintLastLog no@PrintLastLog yes@g' /etc/ssh/sshd_config
echo "ClientAliveCountMax 0" >> /etc/ssh/sshd_config

-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Devin Reade
Sent: Friday, May 08, 2015 1:57 PM
To: CentOS mailing list
Subject: Re:  Q: respecting .ssh/id_rsa

--On Friday, May 08, 2015 01:23:57 PM -0400 m.roth@xxxxxxxxx wrote:

> I would *strongly* recommend editing your /etc/ssh/sshd_config, and
> comment or delete the fallback, and replace it, like:
> # Protocol 2,1
> Protocol 2
>
> That way, it won't even try.

While forcing protocol 2 on the server is not a bad idea, it won't help here.  Remember, that's a client-side debug message that the OP was seeing.  I can verify that the client still produces that message even when talking to a server that does only protocol 2.

Forcing protocol 2 on the client side also does not suppress that message, so the key-type-determination algorithm is not likely dependent on the protocol version.

Devin

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
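
Added example, not part of the original thread: sshd uses the first value it obtains for each keyword, so a line appended with echo >> does not override a setting that already appears earlier in sshd_config, and a line appended after a Match block only applies inside that block. The sketch below shows the effect on a constructed sample file and an idempotent alternative; effective_value, set_option and demo are hypothetical helper names, and it assumes a single config file with whitespace-separated "Keyword value" lines and no Include.

```shell
#!/bin/sh
# Added example; effective_value, set_option and demo are hypothetical names.
# Assumes one config file, no Include, whitespace-separated "Keyword value".

# Print the global value sshd would use: the first uncommented occurrence
# of the keyword (case-insensitive) before any Match block.
effective_value() {  # usage: effective_value FILE KEYWORD
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Idempotent replacement for "echo ... >> sshd_config": write the setting
# first and drop older global occurrences; Match blocks are left untouched.
set_option() {  # usage: set_option FILE KEYWORD VALUE
    tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$2" "$3"
        awk -v key="$2" '
            tolower($1) == "match" { in_match = 1 }
            !in_match && tolower($1) == tolower(key) { next }
            { print }
        ' "$1"
    } > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

demo() {
    cfg=$(mktemp) || return 1
    # Constructed sample config that already sets the keyword.
    printf '%s\n' '#Protocol 2' 'PermitRootLogin yes' 'PrintLastLog no' \
        'Match User backup' '    PermitRootLogin no' > "$cfg"
    echo "PermitRootLogin no" >> "$cfg"   # the append approach
    after_append=$(effective_value "$cfg" PermitRootLogin)
    set_option "$cfg" PermitRootLogin no
    after_set=$(effective_value "$cfg" PermitRootLogin)
    rm -f "$cfg"
    echo "append: $after_append  set_option: $after_set"
}

demo
```

On a real host, run sshd -t to validate the edited file before reloading the daemon, and sshd -T to print the configuration sshd will actually use.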
