For security you can make these changes; I am being lazy and just pulled from my scripts:

echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config
echo "HostbasedAuthentication no" >> /etc/ssh/sshd_config
echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
echo "Banner /etc/issue" >> /etc/ssh/sshd_config
echo "ClientAliveInterval 900" >> /etc/ssh/sshd_config
echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr" >> /etc/ssh/sshd_config
echo "PermitUserEnvironment no" >> /etc/ssh/sshd_config
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
echo "Protocol 2" >> /etc/ssh/sshd_config
sed -i 's@PrintLastLog no@PrintLastLog yes@g' /etc/ssh/sshd_config
echo "ClientAliveCountMax 0" >> /etc/ssh/sshd_config

-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Devin Reade
Sent: Friday, May 08, 2015 1:57 PM
To: CentOS mailing list
Subject: Re: Q: respecting .ssh/id_rsa

--On Friday, May 08, 2015 01:23:57 PM -0400 m.roth@xxxxxxxxx wrote:

> I would *strongly* recommend editing your /etc/ssh/sshd_config, and
> comment or delete the fallback, and replace it, like:
> # Protocol 2,1
> Protocol 2
>
> That way, it won't even try.

While forcing protocol 2 on the server is not a bad idea, it won't help here. Remember, that's a client-side debug message that the OP was seeing. I can verify that the client still produces that message even when talking to a server that does only protocol 2. Forcing protocol 2 on the client side also does not suppress that message, so the key-type-determination algorithm is not likely dependent on the protocol version.

Devin
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
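
Added example, not part of the original messages or of any poster's scripts: sshd uses the first value it reads for each keyword, so a directive appended to the end of sshd_config can be ignored when the keyword is already set earlier, or can land inside a trailing Match block. The sketch below sets a keyword in the global section instead; the helper names set_sshd_option and effective_sshd_option are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# sshd uses the first value it reads for a keyword, and lines after a "Match"
# line belong to that block, so a line appended with ">>" may never take effect.
# Only "Keyword value" syntax is handled here, not "Keyword=value".

# set_sshd_option FILE KEY VALUE  (hypothetical helper name)
set_sshd_option() {
    _tmp=$(mktemp) || return 1
    awk -v key="$2" -v value="$3" '
        BEGIN { lkey = tolower(key) }
        # The first Match line ends the global section: insert before it if unset.
        !in_match && tolower($1) == "match" {
            if (!done) { print key " " value; done = 1 }
            in_match = 1
        }
        # Global occurrences: rewrite the first, comment out later duplicates.
        !in_match && tolower($1) == lkey {
            if (!done) { print key " " value; done = 1 } else { print "#" $0 }
            next
        }
        { print }
        END { if (!done) print key " " value }
    ' "$1" > "$_tmp" && cat "$_tmp" > "$1"   # cat keeps owner, mode and SELinux label
    _rc=$?
    rm -f "$_tmp"
    return $_rc
}

# effective_sshd_option FILE KEY  (hypothetical): global value sshd would use.
effective_sshd_option() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Constructed sample config, not taken from a real host.
cfg=$(mktemp) || exit 1
printf '%s\n' 'Protocol 2,1' 'PermitRootLogin yes' '#PrintLastLog no' \
    'Match User backup' '    X11Forwarding no' > "$cfg"
echo "PermitRootLogin no" >> "$cfg"           # the append approach
echo "after append: $(effective_sshd_option "$cfg" PermitRootLogin)"   # still yes
set_sshd_option "$cfg" PermitRootLogin no
set_sshd_option "$cfg" PrintLastLog yes       # not set yet: inserted before Match
echo "after helper: $(effective_sshd_option "$cfg" PermitRootLogin)"   # no
rm -f "$cfg"
```

On a real host, run `sshd -t` to validate the edited file before restarting the daemon, and `sshd -T` to print the configuration sshd will actually use.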