[CentOS] Q: respecting .ssh/id_rsa
Conley, Matthew M CTR GXM
matthew.m.conley1.ctr at navy.mil
Fri May 8 20:07:48 UTC 2015
For security you can make these changes; I am being lazy and just pulled from my scripts:
echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config
echo "HostbasedAuthentication no" >> /etc/ssh/sshd_config
echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
echo "Banner /etc/issue" >> /etc/ssh/sshd_config
echo "ClientAliveInterval 900" >> /etc/ssh/sshd_config
echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr" >> /etc/ssh/sshd_config
echo "PermitUserEnvironment no" >> /etc/ssh/sshd_config
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
echo "Protocol 2" >> /etc/ssh/sshd_config
sed -i 's@PrintLastLog no@PrintLastLog yes@g' /etc/ssh/sshd_config
echo "ClientAliveCountMax 0" >> /etc/ssh/sshd_config
-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Devin Reade
Sent: Friday, May 08, 2015 1:57 PM
To: CentOS mailing list
Subject: Re: [CentOS] Q: respecting .ssh/id_rsa
--On Friday, May 08, 2015 01:23:57 PM -0400 m.roth at 5-cent.us wrote:
> I would *strongly* recommend editing your /etc/ssh/sshd_config, and
> comment or delete the fallback, and replace it, like:
> # Protocol 2,1
> Protocol 2
>
> That way, it won't even try.
While forcing protocol 2 on the server is not a bad idea, it won't help here. Remember, that's a client-side debug message that the OP was seeing. I can verify that the client still produces that message even when talking to a server that does only protocol 2.
Forcing protocol 2 on the client side also does not suppress that message, so the key-type-determination algorithm is not likely dependent on the protocol version.
Devin
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos
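An added example, not part of the thread or anyone's posted script: sshd applies the first value it reads for each keyword, so a setting appended with `>>` has no effect if the file already holds an uncommented line for that keyword, and it lands inside a `Match` block if one ends the file. The helper names `set_sshd_option` and `first_global_value` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). sshd uses the FIRST value it reads for
# a keyword, so a line appended with ">>" loses to an earlier uncommented one.

# set_sshd_option FILE KEYWORD VALUE  (hypothetical helper name)
# Rewrites the first global occurrence, drops later global duplicates, and
# inserts before the first Match block (or at EOF) when the keyword is absent.
set_sshd_option() {
    tmp=$(mktemp) || return 1
    awk -v key="$2" -v value="$3" '
        BEGIN { lkey = tolower(key) }          # keywords are case-insensitive
        tolower($1) == "match" && !in_match {
            if (!done) { print key " " value; done = 1 }
            in_match = 1                       # leave Match blocks untouched
        }
        !in_match && tolower($1) == lkey {
            if (!done) { print key " " value; done = 1 }
            next
        }
        { print }
        END { if (!done) print key " " value }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"       # cat keeps mode/owner of FILE
    rc=$?
    rm -f "$tmp"
    return $rc
}

# first_global_value FILE KEYWORD: the value sshd would apply globally.
first_global_value() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Constructed sample config: one live setting, one commented, one Match block.
demo_sshd_config() {
    cfg=$(mktemp) || return 1
    printf '%s\n' 'Protocol 2' 'PermitRootLogin yes' '#PermitEmptyPasswords no' \
        'Match User backup' '    X11Forwarding no' > "$cfg"
    echo 'PermitRootLogin no' >> "$cfg"        # the append-only approach
    printf 'append only: %s\n' "$(first_global_value "$cfg" PermitRootLogin)"
    set_sshd_option "$cfg" PermitRootLogin no
    set_sshd_option "$cfg" PermitEmptyPasswords no
    printf 'after fix:   %s\n' "$(first_global_value "$cfg" PermitRootLogin)"
    cat "$cfg"; rm -f "$cfg"
}
# On a real host, validate with "sshd -t -f FILE" before reloading sshd.
demo_sshd_config
```

Lines written in `keyword=value` form are not handled by this sketch.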