- (djm) Cygwin config patch from Corinna Vinschen <vinschen@redhat.com>

author: Damien Miller <djm@mindrot.org> 2001-11-12 10:36:21 +1100
committer: Damien Miller <djm@mindrot.org> 2001-11-12 10:36:21 +1100
commit: aba690c100734ac8bad501ecd982266571103873 (patch)
tree: 9b0133be3029dfa181d02320f72f6b80c1020081 /contrib
parent: f41d618fec126ae0d8083e2cc4c2074fbf023759 (diff)
1 files changed, 48 insertions, 47 deletions
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index 83eff3a13..bfeee7fca 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -98,7 +98,7 @@ then
  echo
  echo "There are still ssh processes running. Please shut them down first."
  echo
-  exit 1
+  #exit 1
 fi
 # Check for ${SYSCONFDIR} directory
@@ -234,9 +234,9 @@ then
 # Site-wide defaults for various options
 # Host *
-#   ForwardAgent yes
+#   ForwardAgent no
-#   ForwardX11 yes
+#   ForwardX11 no
-#   RhostsAuthentication yes
+#   RhostsAuthentication no
 #   RhostsRSAAuthentication yes
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
@@ -244,22 +244,14 @@ then
 #   UseRsh no
 #   BatchMode no
 #   CheckHostIP yes
-#   StrictHostKeyChecking no
+#   StrictHostKeyChecking yes
+#   IdentityFile ~/.ssh/identity
+#   IdentityFile ~/.ssh/id_dsa
+#   IdentityFile ~/.ssh/id_rsa
 #   Port 22
 #   Protocol 2,1
-#   Cipher 3des
+#   Cipher blowfish
 #   EscapeChar ~
-# Be paranoid by default
-Host *
-        ForwardAgent no
-        ForwardX11 no
-        FallBackToRsh no
-# Try authentification with the following identities
-        IdentityFile ~/.ssh/identity
-        IdentityFile ~/.ssh/id_rsa
-        IdentityFile ~/.ssh/id_dsa
 EOF
  if [ "$port_number" != "22" ]
  then
@@ -288,60 +280,69 @@ if [ ! -f "${SYSCONFDIR}/sshd_config" ]
 then
  echo "Generating ${SYSCONFDIR}/sshd_config file"
  cat > ${SYSCONFDIR}/sshd_config << EOF
-# This is ssh server systemwide configuration file.
+# This is the sshd server system-wide configuration file.  See sshd(8)
+# for more information.
 Port $port_number
-#
+#Protocol 2,1
-Protocol 2,1
+#ListenAddress 0.0.0.0
-ListenAddress 0.0.0.0
 #ListenAddress ::
-#
-# Uncomment the following lines according to the used authentication
+# HostKey for protocol version 1
 HostKey /etc/ssh_host_key
+# HostKeys for protocol version 2
 HostKey /etc/ssh_host_rsa_key
 HostKey /etc/ssh_host_dsa_key
+# Lifetime and size of ephemeral version 1 server ke
+KeyRegenerationInterval 3600
 ServerKeyBits 768
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+#obsoletes QuietMode and FascistLogging
+# Authentication:
 LoginGraceTime 600
-KeyRegenerationInterval 3600
 PermitRootLogin yes
-#
-# Don't read ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-#
 # The following setting overrides permission checks on host key files
 # and directories. For security reasons set this to "yes" when running
 # NT/W2K, NTFS and CYGWIN=ntsec.
 StrictModes no
-X11Forwarding no
+RSAAuthentication yes
-X11DisplayOffset 10
+PubkeyAuthentication yes
-PrintMotd yes
+#AuthorizedKeysFile     %h/.ssh/authorized_keys
-KeepAlive yes
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
-#obsoletes QuietMode and FascistLogging
+# rhosts authentication should not be used
 RhostsAuthentication no
-#
+# Don't read ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
 # For this to work you will also need host keys in /etc/ssh_known_hosts
 RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
-RSAAuthentication yes
+# To disable tunneled clear text passwords, change to no here!
 PasswordAuthentication yes
 PermitEmptyPasswords no
-CheckMail no
+X11Forwarding no
-UseLogin no
+X11DisplayOffset 10
+PrintMotd yes
+#PrintLastLog no
+KeepAlive yes
+#UseLogin no
-#Uncomment if you want to enable sftp
-#Subsystem      sftp    /usr/sbin/sftp-server
 #MaxStartups 10:30:60
+#Banner /etc/issue.net
+#ReverseMappingCheck yes
+Subsystem      sftp    /usr/sbin/sftp-server
 EOF
 fi
author	Damien Miller <djm@mindrot.org>	2001-11-12 10:36:21 +1100
committer	Damien Miller <djm@mindrot.org>	2001-11-12 10:36:21 +1100
commit	aba690c100734ac8bad501ecd982266571103873 (patch)
tree	9b0133be3029dfa181d02320f72f6b80c1020081 /contrib
parent	f41d618fec126ae0d8083e2cc4c2074fbf023759 (diff)

diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 83eff3a13..bfeee7fca 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config
@@ -98,7 +98,7 @@ then
98	echo	98	echo
99	echo "There are still ssh processes running. Please shut them down first."	99	echo "There are still ssh processes running. Please shut them down first."
100	echo	100	echo
101	exit 1	101	#exit 1
102	fi	102	fi
103		103
104	# Check for ${SYSCONFDIR} directory	104	# Check for ${SYSCONFDIR} directory
@@ -234,9 +234,9 @@ then
234	# Site-wide defaults for various options	234	# Site-wide defaults for various options
235		235
236	# Host *	236	# Host *
237	# ForwardAgent yes	237	# ForwardAgent no
238	# ForwardX11 yes	238	# ForwardX11 no
239	# RhostsAuthentication yes	239	# RhostsAuthentication no
240	# RhostsRSAAuthentication yes	240	# RhostsRSAAuthentication yes
241	# RSAAuthentication yes	241	# RSAAuthentication yes
242	# PasswordAuthentication yes	242	# PasswordAuthentication yes
@@ -244,22 +244,14 @@ then
244	# UseRsh no	244	# UseRsh no
245	# BatchMode no	245	# BatchMode no
246	# CheckHostIP yes	246	# CheckHostIP yes
247	# StrictHostKeyChecking no	247	# StrictHostKeyChecking yes
		248	# IdentityFile ~/.ssh/identity
		249	# IdentityFile ~/.ssh/id_dsa
		250	# IdentityFile ~/.ssh/id_rsa
248	# Port 22	251	# Port 22
249	# Protocol 2,1	252	# Protocol 2,1
250	# Cipher 3des	253	# Cipher blowfish
251	# EscapeChar ~	254	# EscapeChar ~
252
253	# Be paranoid by default
254	Host *
255	ForwardAgent no
256	ForwardX11 no
257	FallBackToRsh no
258
259	# Try authentification with the following identities
260	IdentityFile ~/.ssh/identity
261	IdentityFile ~/.ssh/id_rsa
262	IdentityFile ~/.ssh/id_dsa
263	EOF	255	EOF
264	if [ "$port_number" != "22" ]	256	if [ "$port_number" != "22" ]
265	then	257	then
@@ -288,60 +280,69 @@ if [ ! -f "${SYSCONFDIR}/sshd_config" ]
288	then	280	then
289	echo "Generating ${SYSCONFDIR}/sshd_config file"	281	echo "Generating ${SYSCONFDIR}/sshd_config file"
290	cat > ${SYSCONFDIR}/sshd_config << EOF	282	cat > ${SYSCONFDIR}/sshd_config << EOF
291	# This is ssh server systemwide configuration file.	283	# This is the sshd server system-wide configuration file. See sshd(8)
		284	# for more information.
292		285
293	Port $port_number	286	Port $port_number
294	#	287	#Protocol 2,1
295	Protocol 2,1	288	#ListenAddress 0.0.0.0
296	ListenAddress 0.0.0.0
297	#ListenAddress ::	289	#ListenAddress ::
298	#	290
299	# Uncomment the following lines according to the used authentication	291	# HostKey for protocol version 1
300	HostKey /etc/ssh_host_key	292	HostKey /etc/ssh_host_key
		293	# HostKeys for protocol version 2
301	HostKey /etc/ssh_host_rsa_key	294	HostKey /etc/ssh_host_rsa_key
302	HostKey /etc/ssh_host_dsa_key	295	HostKey /etc/ssh_host_dsa_key
		296
		297	# Lifetime and size of ephemeral version 1 server ke
		298	KeyRegenerationInterval 3600
303	ServerKeyBits 768	299	ServerKeyBits 768
		300
		301	# Logging
		302	SyslogFacility AUTH
		303	LogLevel INFO
		304	#obsoletes QuietMode and FascistLogging
		305
		306	# Authentication:
		307
304	LoginGraceTime 600	308	LoginGraceTime 600
305	KeyRegenerationInterval 3600
306	PermitRootLogin yes	309	PermitRootLogin yes
307	#
308	# Don't read ~/.rhosts and ~/.shosts files
309	IgnoreRhosts yes
310	# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
311	#IgnoreUserKnownHosts yes
312
313	#
314	# The following setting overrides permission checks on host key files	310	# The following setting overrides permission checks on host key files
315	# and directories. For security reasons set this to "yes" when running	311	# and directories. For security reasons set this to "yes" when running
316	# NT/W2K, NTFS and CYGWIN=ntsec.	312	# NT/W2K, NTFS and CYGWIN=ntsec.
317	StrictModes no	313	StrictModes no
318		314
319	X11Forwarding no	315	RSAAuthentication yes
320	X11DisplayOffset 10	316	PubkeyAuthentication yes
321	PrintMotd yes	317	#AuthorizedKeysFile %h/.ssh/authorized_keys
322	KeepAlive yes
323
324	# Logging
325	SyslogFacility AUTH
326	LogLevel INFO
327	#obsoletes QuietMode and FascistLogging
328		318
		319	# rhosts authentication should not be used
329	RhostsAuthentication no	320	RhostsAuthentication no
330	#	321	# Don't read ~/.rhosts and ~/.shosts files
		322	IgnoreRhosts yes
331	# For this to work you will also need host keys in /etc/ssh_known_hosts	323	# For this to work you will also need host keys in /etc/ssh_known_hosts
332	RhostsRSAAuthentication no	324	RhostsRSAAuthentication no
		325	# similar for protocol version 2
		326	HostbasedAuthentication no
		327	# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
		328	#IgnoreUserKnownHosts yes
333		329
334	RSAAuthentication yes	330	# To disable tunneled clear text passwords, change to no here!
335
336	PasswordAuthentication yes	331	PasswordAuthentication yes
337	PermitEmptyPasswords no	332	PermitEmptyPasswords no
338		333
339	CheckMail no	334	X11Forwarding no
340	UseLogin no	335	X11DisplayOffset 10
		336	PrintMotd yes
		337	#PrintLastLog no
		338	KeepAlive yes
		339	#UseLogin no
341		340
342	#Uncomment if you want to enable sftp
343	#Subsystem sftp /usr/sbin/sftp-server
344	#MaxStartups 10:30:60	341	#MaxStartups 10:30:60
		342	#Banner /etc/issue.net
		343	#ReverseMappingCheck yes
		344
		345	Subsystem sftp /usr/sbin/sftp-server
345	EOF	346	EOF
346	fi	347	fi
347		348