From: "Eric Martin"
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] ssh configuration guide
Date: Fri, 10 Oct 2008 20:08:21 -0400
In-Reply-To: <48EF05CF.2@englobe-tec.com>

Ssh disconnects of its own accord even with keepalive. I disable all
methods of authentication except for public keys. You'll have to
create a pub/private pair and copy the public key to
$HOME/.ssh/authorized_keys. I'm on my BlackBerry so I can't type out
full directions but Gentoo has docs.

On 10/10/08, David Rioja wrote:
> Andrey Falko wrote:
>> On Thu, Oct 9, 2008 at 1:06 AM, David Rioja wrote:
>>
>>> This is my very first post to the list, so hello you all :)
>>>
>>> I've been editing /etc/ssh/sshd_config in order to configure SSH as told
>>> in the guide at gentoo.org. The options you have to set for a quick start
>>> configuration are:
>>>
>>> Port 22
>>> Protocol 2
>>> ServerKeyBits 2048
>>> SyslogFacility AUTH
>>> LogLevel INFO
>>> LoginGraceTime 60
>>> PermitRootLogin no
>>> RSAAuthentication no
>>> PubkeyAuthentication yes
>>> PasswordAuthentication no
>>> PermitEmptyPasswords no
>>> PAMAuthenticationViaKbdInt no
>>> Compression yes
>>> KeepAlive yes
>>> ClientAliveInterval 30
>>> ClientAliveCountMax 4
>>>
>>>
>>> I have encountered two issues in that:
>>>
>>> 1.- When restarting the sshd service you are told
>>> PAMAuthenticationViaKbdInt is deprecated.
>>>
>>> 2.- KeepAlive is not commented in the default configuration file, there
>>> is TCPKeepAlive instead. I suppose the options are the same. Could anyone
>>> confirm that?
>>>
>>> Thanks!
>>>
>>
>> If you want a truly quick start configuration, you should use the
>> defaults that get installed after you install ssh. Basically, those
>> defaults will give you a working ssh that is secure and that is more
>> than likely to work out of the box.
>>
>> I'm not sure which Gentoo quickstart guide you are following, but it
>> is an out of date guide. I recommend emerge -1 openssh, then running
>> etc-update and applying the default configuration. Your goal is to get
>> a basic working ssh daemon, right?
>>
> Yes, I only wanted to make it work over the LAN. Default options seemed not
> to work when I tried, perhaps I forgot to start the service... who
> knows? :-/
>
> By the way, besides disabling ssh access for root, is it not a good idea
> to enable KeepAlive? So there won't be great problems if anyone goes away
> leaving his session active. Am I mistaken?
>
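
An added example, not part of any message in this thread: a small audit of the sshd_config options discussed above. It flags the two keywords the thread reports as stale, checks the key-only and no-root settings, and computes how long sshd waits before dropping an unresponsive client. SAMPLE_CONFIG is constructed from the quoted option list, and the function names are hypothetical.

```python
# Added example (not from the thread): audit the sshd_config options it lists.
import re

# Constructed sample: a subset of the option list quoted in the message.
SAMPLE_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
PAMAuthenticationViaKbdInt no
KeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 4
"""
# Keywords the thread reports as stale (sshd matches keywords case-insensitively).
DEPRECATED = {
    "keepalive": "old name, use TCPKeepAlive",
    "pamauthenticationviakbdint": "deprecated, sshd warns on restart",
}
# Values the thread relies on for key-only, non-root logins.
EXPECTED = {"permitrootlogin": "no", "pubkeyauthentication": "yes",
            "passwordauthentication": "no", "permitemptypasswords": "no"}
# "Keyword value" or "Keyword=value"; comment lines start with '#' and never match.
LINE = re.compile(r"^\s*([A-Za-z0-9]+)(?:\s*=\s*|\s+)(\S.*?)\s*$")

def parse_sshd_config(text):
    """Map lowercased keyword -> value; sshd uses the first value it reads."""
    options = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            options.setdefault(m.group(1).lower(), m.group(2))
    return options

def audit(text):
    """Return findings: stale keywords first, then weak or missing settings."""
    opts = parse_sshd_config(text)
    findings = [f"{k}: {note}" for k, note in DEPRECATED.items() if k in opts]
    for key, want in EXPECTED.items():
        got = opts.get(key)
        if got is None or got.lower() != want:
            findings.append(f"{key}: expected {want!r}, found {got!r}")
    return findings

def unresponsive_timeout(text):
    """Seconds until sshd drops a client that stops answering alive probes."""
    opts = parse_sshd_config(text)
    return (int(opts.get("clientaliveinterval", 0))      # sshd default: 0 (off)
            * int(opts.get("clientalivecountmax", 3)))   # sshd default: 3
```

The timeout covers clients that stop answering probes (a dead link or crashed machine). A session left open on a machine that is still connected keeps answering them.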