From: David Rioja
Date: Fri, 10 Oct 2008 09:35:43 +0200
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] ssh configuration guide
Message-ID: <48EF05CF.2@englobe-tec.com>
In-Reply-To: <350fc7cf0810090938x1da55a63ra5ebadc5693b423b@mail.gmail.com>

Andrey Falko wrote:
> On Thu, Oct 9, 2008 at 1:06 AM, David Rioja wrote:
>
>> This is my very first post to the list, so hello you all :)
>>
>> I've been editing /etc/ssh/sshd_config in order to configure SSH as told in
>> the guide at gentoo.org. The options you have to set for a quick start
>> configuration are:
>>
>> Port 22
>> Protocol 2
>> ServerKeyBits 2048
>> SyslogFacility AUTH
>> LogLevel INFO
>> LoginGraceTime 60
>> PermitRootLogin no
>> RSAAuthentication no
>> PubkeyAuthentication yes
>> PasswordAuthentication no
>> PermitEmptyPasswords no
>> PAMAuthenticationViaKbdInt no
>> Compression yes
>> KeepAlive yes
>> ClientAliveInterval 30
>> ClientAliveCountMax 4
>>
>>
>> I have encountered two issues in that:
>>
>> 1.- When restarting the sshd service you are told PAMAuthenticationViaKbdInt
>> is deprecated.
>>
>> 2.- KeepAlive is not commented in the default configuration file, there is
>> TCPKeepAlive instead. I suppose both options are the same. Could anyone
>> confirm that?
>>
>> Thanks!
>>
>
> If you want a truly quick start configuration, you should use the
> defaults that get installed after you install ssh. Basically, those
> defaults will give you a working ssh that is secure and that is more
> than likely to work out of box.
>
> I'm not sure which Gentoo quickstart guide you are following, but it
> is an out of date guide. I recommend emerge -1 openssh, then running
> etc-update and applying the default configuration. Your goal is to get
> a basic working ssh daemon, right?
>

Yes, I only wanted to make it work over the LAN. Default options seemed not
to work when I tried, perhaps I forgot to start the service... who
knows? :-/

By the way, besides disabling ssh access for root, is it not a good idea
to enable KeepAlive? So there won't be great problems if anyone goes away
leaving his session active. Am I mistaken?
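
The two issues raised in the thread can be checked mechanically before restarting sshd. The following is an added example, not part of the original message or of the Gentoo guide: a small sshd_config linter that flags the two keywords discussed above and resolves KeepAlive to TCPKeepAlive (OpenSSH renamed the option and still accepts the old name). The sample text and the function names are constructed for illustration, and only single-valued keywords outside Match blocks are modelled.

```python
import re

# Old keyword -> note. Both entries come from the thread above.
FLAGGED = {
    "pamauthenticationviakbdint": "sshd reports this keyword as deprecated",
    "keepalive": "old spelling; current files use TCPKeepAlive",
}
ALIASES = {"keepalive": "tcpkeepalive"}  # sshd treats both as one setting

# Constructed sample, loosely based on the option list quoted in the thread.
SAMPLE = """\
# quick start settings
Port 22
PermitRootLogin no
PAMAuthenticationViaKbdInt no
KeepAlive yes
ClientAliveInterval=30
TCPKeepAlive no
"""

def parse(text):
    """Yield (lineno, keyword_lowercased, value) for each directive."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no setting
        # keyword and value are separated by whitespace or a single '='
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        yield lineno, parts[0].lower(), parts[1] if len(parts) > 1 else ""

def lint(text):
    """Return (lineno, keyword, note) for every flagged keyword found."""
    return [(n, kw, FLAGGED[kw]) for n, kw, _ in parse(text) if kw in FLAGGED]

def effective(text):
    """Map canonical keyword -> (value, lineno), first occurrence wins.

    Models single-valued keywords only; repeatable ones (Port,
    ListenAddress, ...) and Match blocks are not handled.
    """
    seen = {}
    for lineno, kw, value in parse(text):
        seen.setdefault(ALIASES.get(kw, kw), (value, lineno))
    return seen

if __name__ == "__main__":
    for lineno, kw, note in lint(SAMPLE):
        print(f"line {lineno}: {kw}: {note}")
    print("tcpkeepalive =", effective(SAMPLE)["tcpkeepalive"])
```

In the sample, the later `TCPKeepAlive no` has no effect because sshd uses the first value it reads for a keyword. On a live system, `sshd -t` validates the real configuration file.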