For security you can make these changes; I am being lazy and just pulled from my scripts:

echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config
echo "HostbasedAuthentication no" >> /etc/ssh/sshd_config
echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
echo "Banner /etc/issue" >> /etc/ssh/sshd_config
echo "ClientAliveInterval 900" >> /etc/ssh/sshd_config
echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr" >> /etc/ssh/sshd_config
echo "PermitUserEnvironment no" >> /etc/ssh/sshd_config
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
echo "Protocol 2" >> /etc/ssh/sshd_config
# Turn PrintLastLog back on if it was explicitly disabled
sed -i 's@PrintLastLog no@PrintLastLog yes@g' /etc/ssh/sshd_config
echo "ClientAliveCountMax 0" >> /etc/ssh/sshd_config

-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Devin Reade
Sent: Friday, May 08, 2015 1:57 PM
To: CentOS mailing list
Subject: Re: [CentOS] Q: respecting .ssh/id_rsa

--On Friday, May 08, 2015 01:23:57 PM -0400 m.roth@5-cent.us wrote:
I would *strongly* recommend editing your /etc/ssh/sshd_config, and comment or delete the fallback, and replace it, like:
# Protocol 2,1
Protocol 2
That way, it won't even try.
While forcing protocol 2 on the server is not a bad idea, it won't help here. Remember, that's a client-side debug message that the OP was seeing. I can verify that the client still produces that message even when talking to a server that does only protocol 2.
Forcing protocol 2 on the client side also does not suppress that message, so the key-type-determination algorithm is not likely dependent on the protocol version.
Devin
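Added example, not part of the original messages: sshd uses the first value it reads for each keyword, and a line appended after a Match block belongs to that block, so `echo ... >> /etc/ssh/sshd_config` may leave the effective setting unchanged. The helper names below are hypothetical; the helpers report the effective global value and set a keyword in place, and they assume the file has no Include directives.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the value sshd would use for KEYWORD in the global section of FILE:
# the first uncommented occurrence before any Match block.
effective_sshd_option() {   # usage: effective_sshd_option FILE KEYWORD
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line); k = line; sub(/[ \t=].*$/, "", k) }
        tolower(k) == "match" { exit }
        tolower(k) == tolower(key) {
            v = line
            sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", v)   # drop keyword and separator
            sub(/[ \t]+$/, "", v)
            print v; exit
        }
    ' "$1"
}

# Set KEYWORD to VALUE in the global section: rewrite the first occurrence,
# drop later global duplicates, or insert before the first Match block.
set_sshd_option() {         # usage: set_sshd_option FILE KEYWORD VALUE
    file=$1; tmp=$(mktemp) || return 1
    awk -v key="$2" -v val="$3" '
        function emit() { if (!done) { print key " " val; done = 1 } }
        { line = $0; sub(/^[ \t]+/, "", line); k = line; sub(/[ \t=].*$/, "", k) }
        !inmatch && tolower(k) == "match" { emit(); inmatch = 1 }
        !inmatch && tolower(k) == tolower(key) { emit(); next }
        { print }
        END { emit() }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner, mode, SELinux label
    rc=$?; rm -f "$tmp"; return $rc
}

# Demo on a constructed sample file, never the live /etc/ssh/sshd_config.
demo=$(mktemp)
printf '%s\n' 'PermitRootLogin yes' 'Match User backup' \
    '    X11Forwarding no' > "$demo"
echo "PermitRootLogin no" >> "$demo"    # append style: lands inside the Match block
echo "after append: $(effective_sshd_option "$demo" PermitRootLogin)"
set_sshd_option "$demo" PermitRootLogin no
echo "after set:    $(effective_sshd_option "$demo" PermitRootLogin)"
rm -f "$demo"
```

Run `sshd -t` to validate the edited file before reloading the daemon.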