[CentOS] Q: respecting .ssh/id_rsa

Fri May 8 20:07:48 UTC 2015
Conley, Matthew M CTR GXM <matthew.m.conley1.ctr at navy.mil>

For security you can make these changes, I am being lazy and just pulled from my scripts:

echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config 
echo "HostbasedAuthentication no" >> /etc/ssh/sshd_config 
echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config 
echo "Banner /etc/issue" >> /etc/ssh/sshd_config 
echo "ClientAliveInterval 900" >> /etc/ssh/sshd_config 
echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr" >> /etc/ssh/sshd_config 
echo "PermitUserEnvironment no" >> /etc/ssh/sshd_config 
echo "PermitRootLogin no" >> /etc/ssh/sshd_config 
echo "Protocol 2" >> /etc/ssh/sshd_config 
sed -i 's at PrintLastLog no@$PrintLastLog yes at g' etc/ssh/sshd_config 
echo "ClientAliveCountMax 0" >> /etc/ssh/sshd_config

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Devin Reade
Sent: Friday, May 08, 2015 1:57 PM
To: CentOS mailing list
Subject: Re: [CentOS] Q: respecting .ssh/id_rsa

--On Friday, May 08, 2015 01:23:57 PM -0400 m.roth at 5-cent.us wrote:

> I would *strongly* recommend editing your /etc/ssh/sshd_config, and  
>comment or delete the fallback, and replace it, like:
># Protocol 2,1
> Protocol 2
>
> That way, it won't even try.

While forcing protocol 2 on the server is not a bad idea, it won't help here.  Remember, that's a client-side debug message that the OP was seeing.  I can verify that the client still produces that message even when talking to a server that does only protocol 2.

Forcing protocol 2 on the client side also does not suppress that message, so the key-type-determination algorithm is not likely dependent on the protocol version.

Devin

_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos