Paul on Sun, 30 Sep 2001 16:20:11 +0200


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] a different SSH question & moderated posts 

One sshd_config file is not world readable, the other is.

-rw-------    1 root     root         1780 Jun 17 00:51
sshd_config

------------------------------------------------------------------

-rw-r--r--   1 root     root         1.8k Aug 16 21:13
sshd_config

#       $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29
deraadt Exp $
 
# This sshd was compiled with
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
 
# This is the sshd server system-wide configuration file. 
See sshd(8)
# for more information.
 
Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /usr/local/etc/ssh_host_key
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes
 
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
 
RhostsAuthentication no
#
# For this to work you will also need host keys in
/usr/local/etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
#
RSAAuthentication yes
 
# To disable tunneled clear text passwords, change to no
here!
PasswordAuthentication yes
PermitEmptyPasswords no
 
# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no
 
# Uncomment to enable PAM keyboard-interactive
authentication
# Warning: enabling this may bypass the setting of
'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
 
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
 
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
 
#CheckMail yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
 
Subsystem       sftp    /usr/local/libexec/sftp-server

------------------------------------------------------


> > I don't have access to /etc/sshd_config on the remote systems,
> 
> Sure you do. This file is almost definitely world-readable. I wasn't
> suggesting necesarily that *you* had changed it, just that it had
> been changed.
> 
> What's in it?


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug