diff options
| author | Colin Watson <cjwatson@debian.org> | 2016-12-23 22:24:31 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2016-12-23 22:24:31 +0000 |
| commit | dc33b892174f9c306c1b946f37ba400561693e7e (patch) | |
| tree | d3d44e9fa58c3524c5fdae50364d9f13f0f9a1eb /debian | |
| parent | ee52365e713e546dbd878d73d9590dbaccd760ba (diff) | |
Remove entries related to protocol 1 from the default sshd_config generated on new installations.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/openssh-server.postinst | 7 |
2 files changed, 2 insertions, 7 deletions
diff --git a/debian/changelog b/debian/changelog index c2065c580..d2eb7f643 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -115,6 +115,8 @@ openssh (1:7.4p1-1) UNRELEASED; urgency=medium | |||
| 115 | - sshd(8): Improve PRNG reseeding across privilege separation and force | 115 | - sshd(8): Improve PRNG reseeding across privilege separation and force |
| 116 | libcrypto to obtain a high-quality seed before chroot or sandboxing. | 116 | libcrypto to obtain a high-quality seed before chroot or sandboxing. |
| 117 | * Apply "wrap-and-sort -at -f debian/control -f debian/tests/control". | 117 | * Apply "wrap-and-sort -at -f debian/control -f debian/tests/control". |
| 118 | * Remove entries related to protocol 1 from the default sshd_config | ||
| 119 | generated on new installations. | ||
| 118 | 120 | ||
| 119 | -- Colin Watson <cjwatson@debian.org> Mon, 05 Dec 2016 19:31:33 +0000 | 121 | -- Colin Watson <cjwatson@debian.org> Mon, 05 Dec 2016 19:31:33 +0000 |
| 120 | 122 | ||
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index ff61c4f1b..35a6b477b 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst | |||
| @@ -177,10 +177,6 @@ HostKey /etc/ssh/ssh_host_ed25519_key | |||
| 177 | #Privilege Separation is turned on for security | 177 | #Privilege Separation is turned on for security |
| 178 | UsePrivilegeSeparation yes | 178 | UsePrivilegeSeparation yes |
| 179 | 179 | ||
| 180 | # Lifetime and size of ephemeral version 1 server key | ||
| 181 | KeyRegenerationInterval 3600 | ||
| 182 | ServerKeyBits 1024 | ||
| 183 | |||
| 184 | # Logging | 180 | # Logging |
| 185 | SyslogFacility AUTH | 181 | SyslogFacility AUTH |
| 186 | LogLevel INFO | 182 | LogLevel INFO |
| @@ -190,15 +186,12 @@ LoginGraceTime 120 | |||
| 190 | PermitRootLogin prohibit-password | 186 | PermitRootLogin prohibit-password |
| 191 | StrictModes yes | 187 | StrictModes yes |
| 192 | 188 | ||
| 193 | RSAAuthentication yes | ||
| 194 | PubkeyAuthentication yes | 189 | PubkeyAuthentication yes |
| 195 | #AuthorizedKeysFile %h/.ssh/authorized_keys | 190 | #AuthorizedKeysFile %h/.ssh/authorized_keys |
| 196 | 191 | ||
| 197 | # Don't read the user's ~/.rhosts and ~/.shosts files | 192 | # Don't read the user's ~/.rhosts and ~/.shosts files |
| 198 | IgnoreRhosts yes | 193 | IgnoreRhosts yes |
| 199 | # For this to work you will also need host keys in /etc/ssh_known_hosts | 194 | # For this to work you will also need host keys in /etc/ssh_known_hosts |
| 200 | RhostsRSAAuthentication no | ||
| 201 | # similar for protocol version 2 | ||
| 202 | HostbasedAuthentication no | 195 | HostbasedAuthentication no |
| 203 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication | 196 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication |
| 204 | #IgnoreUserKnownHosts yes | 197 | #IgnoreUserKnownHosts yes |