From: "Andrey Falko"
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] ssh configuration guide
Date: Thu, 9 Oct 2008 09:38:06 -0700
Message-ID: <350fc7cf0810090938x1da55a63ra5ebadc5693b423b@mail.gmail.com>
In-Reply-To: <48EDBB69.8010807@englobe-tec.com>

On Thu, Oct 9, 2008 at 1:06 AM, David Rioja wrote:
> This is my very first post to the list, so hello you all :)
>
> I've been editing /etc/ssh/sshd_config in order to configure SSH as told in
> the guide at gentoo.org. The options you have to set for a quick start
> configuration are:
>
> Port 22
> Protocol 2
> ServerKeyBits 2048
> SyslogFacility AUTH
> LogLevel INFO
> LoginGraceTime 60
> PermitRootLogin no
> RSAAuthentication no
> PubkeyAuthentication yes
> PasswordAuthentication no
> PermitEmptyPasswords no
> PAMAuthenticationViaKbdInt no
> Compression yes
> KeepAlive yes
> ClientAliveInterval 30
> ClientAliveCountMax 4
>
> I have encountered two issues in that:
>
> 1.- When restarting the sshd service you are told PAMAuthenticationViaKbdInt
> is deprecated.
>
> 2.- KeepAlive is not commented in the default configuration file, there is
> TCPKeepAlive instead. I suppose both options are the same. Could anyone
> confirm that?
>
> Thanks!

If you want a truly quick start configuration, you should use the defaults
that get installed after you install ssh. Basically, those defaults will give
you a working ssh that is secure and that is more than likely to work out of
the box. I'm not sure which Gentoo quickstart guide you are following, but it
is an out of date guide. I recommend emerge -1 openssh, then running
etc-update and applying the default configuration. Your goal is to get a
basic working ssh daemon, right?
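
A way to find the two directives discussed in this thread before restarting sshd, given as an added example that is not part of either message. The function names `check_sshd_config` and `write_sample` and the advice strings are assumptions of this example, and the sample file is a constructed excerpt of the option list quoted above; TCPKeepAlive is the current OpenSSH name for the option formerly spelled KeepAlive.

```sh
#!/bin/sh
# Added example: flag the sshd_config directives raised in the thread.
# check_sshd_config FILE: prints "line N: Keyword: note"; returns 1 if any hit.
check_sshd_config() {
    awk '
    BEGIN {
        # Keys are lower case because sshd matches keywords case-insensitively.
        note["pamauthenticationviakbdint"] = "reported as deprecated, remove it"
        note["keepalive"] = "old name, use TCPKeepAlive"
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)             # strip leading whitespace
        if (line == "" || line ~ /^#/) next  # skip blank lines and comments
        n = match(line, /[ \t=]/)            # keyword ends at whitespace or "="
        key = (n > 0) ? substr(line, 1, n - 1) : line
        lkey = tolower(key)
        if (lkey in note) {
            printf "line %d: %s: %s\n", NR, key, note[lkey]
            found = 1
        }
    }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# write_sample FILE: constructed excerpt of the quoted option list, plus one
# commented-out line to show that disabled options are ignored.
write_sample() {
    cat > "$1" <<'EOF'
Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PAMAuthenticationViaKbdInt no
Compression yes
KeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 4
#keepalive yes
EOF
}

sample=$(mktemp)
write_sample "$sample"
findings=$(check_sshd_config "$sample") || true
printf '%s\n' "$findings"
rm -f "$sample"
```

On a host with OpenSSH installed, `sshd -t` remains the authoritative validity check of the configuration file before a restart.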