Commit da05689b authored by Russ Allbery

Add some more comments to the sshd_config file

Comment the protocol restriction and the explicit enabling of
UsePrivilegeSeparation on Red Hat.
parent c74da7f0
...@@ -16,10 +16,9 @@ ListenAddress <%= address %> ...@@ -16,10 +16,9 @@ ListenAddress <%= address %>
end end
-%> -%>
Port 22 Port 22
# Only support protocol version 2.
Protocol 2 Protocol 2
<% if operatingsystem == 'RedHat' then -%>
UsePrivilegeSeparation yes
<% end -%>
# Only support RSA keys, not DSA keys. # Only support RSA keys, not DSA keys.
HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_rsa_key
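Review bot: The commit message mentions only added comments, but this hunk also drops the Red Hat `UsePrivilegeSeparation yes` block from its position after `Protocol 2`, and the block reappears in the next hunk after `MaxAuthTries`. Please mention the relocation in the commit message so a reader of the log does not take this for a comment-only change. The new comment `# Only support protocol version 2.` also restates the directive without giving the reason; a short clause saying why protocol 1 is refused would match the style of the `MaxAuthTries` comment further down, which explains its purpose.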
...@@ -30,6 +29,11 @@ LoginGraceTime 300 ...@@ -30,6 +29,11 @@ LoginGraceTime 300
# Prevent attackers from running long password guessing attacks. # Prevent attackers from running long password guessing attacks.
MaxAuthTries <%= max_tries %> MaxAuthTries <%= max_tries %>
<% if operatingsystem == 'RedHat' then -%>
# Some Red Hat systems are old enough that this has to be explicitly enabled.
UsePrivilegeSeparation yes
<% end -%>
# Disable all forms of host-based and public key authentication by default, # Disable all forms of host-based and public key authentication by default,
# since we use GSS-API (or passwords). # since we use GSS-API (or passwords).
IgnoreRhosts yes IgnoreRhosts yes
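Review bot: The new comment says "Some Red Hat systems are old enough" but the guard `<% if operatingsystem == 'RedHat' then -%>` matches every Red Hat host regardless of release, so the setting is emitted on new systems as well. Either say in the comment that it is set unconditionally on Red Hat because a release check is not worth the complexity, or narrow the condition to the old releases that need it. Stating which releases are affected would also tell a later maintainer when the block can be removed.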