From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <ae47c6e50810101708p15b93330va73c560dad21004d@mail.gmail.com>
Date: Fri, 10 Oct 2008 20:08:21 -0400
From: "Eric Martin" <freak4uxxx@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] ssh configuration guide
In-Reply-To: <48EF05CF.2@englobe-tec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <48EDBB69.8010807@englobe-tec.com>
	 <350fc7cf0810090938x1da55a63ra5ebadc5693b423b@mail.gmail.com>
	 <48EF05CF.2@englobe-tec.com>

Ssh disconnects of its own accord even with keepalive. I disable all
methods of authentication except for public keys. You'll have to
create a pub/private pair and copy the public key to
$HOME/.ssh/authorized_keys.  I'm on my BlackBerry so I can't type out
full directions, but Gentoo has docs.

On 10/10/08, David Rioja <rams@englobe-tec.com> wrote:
> Andrey Falko wrote:
>> On Thu, Oct 9, 2008 at 1:06 AM, David Rioja <rams@englobe-tec.com> wrote:
>>
>>> This is my very first post to the list, so hello you all :)
>>>
>>> I've been editing /etc/ssh/sshd_config in order to configure SSH as told
>>> in the guide at gentoo.org. The options you have to set for a quick start
>>> configuration are:
>>>
>>> Port 22
>>> Protocol 2
>>> ServerKeyBits 2048
>>> SyslogFacility AUTH
>>> LogLevel INFO
>>> LoginGraceTime 60
>>> PermitRootLogin no
>>> RSAAuthentication no
>>> PubkeyAuthentication yes
>>> PasswordAuthentication no
>>> PermitEmptyPasswords no
>>> PAMAuthenticationViaKbdInt no
>>> Compression yes
>>> KeepAlive yes
>>> ClientAliveInterval 30
>>> ClientAliveCountMax 4
>>>
>>>
>>> I have encountered two issues in that:
>>>
>>> 1.- When restarting the sshd service you are told
>>> PAMAuthenticationViaKbdInt is deprecated.
>>>
>>> 2.- KeepAlive is not commented in the default configuration file, there
>>> is TCPKeepAlive instead. I suppose both options are the same. Could anyone
>>> confirm that?
>>>
>>> Thanks!
>>>
>>>
>>>
>>
>> If you want a truly quick start configuration, you should use the
>> defaults that get installed after you install ssh. Basically, those
>> defaults will give you a working ssh that is secure and that is more
>> than likely to work out of the box.
>>
>> I'm not sure which Gentoo quickstart guide you are following, but it
>> is an out of date guide. I recommend emerge -1 openssh, then running
>> etc-update and applying the default configuration. Your goal is to get
>> a basic working ssh daemon, right?
>>
>>
>>
>>
> Yes, I only wanted to make it work over the LAN. Default options seemed not
> to work when I tried, perhaps I forgot to start the service... who
> knows? :-/
>
> By the way, besides disabling ssh access for root, is it not a good idea
> to enable KeepAlive? So there won't be great problems if anyone goes away
> leaving his session active. Am I mistaken?
>
>
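
An added example, not part of the original email or of OpenSSH: a Python audit of the authentication and keepalive lines from the quoted guide, flagging the keywords the thread trips over and checking the public-key-only posture described in the reply. The names `GUIDE_CONFIG`, `NOTES`, `REQUIRED`, `parse` and `audit` are made up here; the notes on KeepAlive being the older name for TCPKeepAlive and on the protocol-1-only keywords are taken from OpenSSH's sshd_config documentation rather than from the thread, and time values are assumed to be plain seconds.

```python
# Added example (not OpenSSH code): audit of the sshd_config lines quoted above.
GUIDE_CONFIG = """\
Protocol 2
ServerKeyBits 2048
PermitRootLogin no
RSAAuthentication no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
PAMAuthenticationViaKbdInt no
KeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 4
"""  # copied from the quoted guide; logging and port lines left out

# Guide keywords worth a second look (keys lower-cased: sshd ignores keyword case).
NOTES = {
    "pamauthenticationviakbdint": "deprecated; sshd says so on restart",
    "keepalive": "old name; the shipped file uses TCPKeepAlive",
    "rsaauthentication": "protocol 1 only; no effect under Protocol 2",
    "serverkeybits": "protocol 1 only; no effect under Protocol 2",
}
# Values that leave public keys as the only way in, with root logins refused.
REQUIRED = {"pubkeyauthentication": "yes", "passwordauthentication": "no",
            "permitemptypasswords": "no", "permitrootlogin": "no"}

def parse(text):
    """Return {keyword: value}; like sshd, the first value for a keyword wins."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    return settings

def audit(text):
    cfg = parse(text)
    notes = [(k, NOTES[k]) for k in cfg if k in NOTES]
    wrong = [(k, cfg.get(k, "unset")) for k, v in REQUIRED.items() if cfg.get(k) != v]
    # ClientAlive* probes travel inside the SSH session; a client that misses
    # CountMax probes in a row is dropped. Assumes plain-second values.
    interval = int(cfg.get("clientaliveinterval", 0))
    count = int(cfg.get("clientalivecountmax", 3))
    return {"notes": notes, "wrong": wrong, "drop_after_s": interval * count}

if __name__ == "__main__":
    print(audit(GUIDE_CONFIG))
```

Both the TCP-level keepalive and the ClientAlive probes detect a peer that has stopped answering; a client that is still connected answers them automatically, so neither setting ends a session that was simply left open.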