summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2016-12-23 22:24:31 +0000
committerColin Watson <cjwatson@debian.org>2016-12-23 22:24:31 +0000
commitdc33b892174f9c306c1b946f37ba400561693e7e (patch)
treed3d44e9fa58c3524c5fdae50364d9f13f0f9a1eb /debian
parentee52365e713e546dbd878d73d9590dbaccd760ba (diff)
Remove entries related to protocol 1 from the default sshd_config generated on new installations.
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog2
-rw-r--r--debian/openssh-server.postinst7
2 files changed, 2 insertions, 7 deletions
diff --git a/debian/changelog b/debian/changelog
index c2065c580..d2eb7f643 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -115,6 +115,8 @@ openssh (1:7.4p1-1) UNRELEASED; urgency=medium
115 - sshd(8): Improve PRNG reseeding across privilege separation and force 115 - sshd(8): Improve PRNG reseeding across privilege separation and force
116 libcrypto to obtain a high-quality seed before chroot or sandboxing. 116 libcrypto to obtain a high-quality seed before chroot or sandboxing.
117 * Apply "wrap-and-sort -at -f debian/control -f debian/tests/control". 117 * Apply "wrap-and-sort -at -f debian/control -f debian/tests/control".
118 * Remove entries related to protocol 1 from the default sshd_config
119 generated on new installations.
118 120
119 -- Colin Watson <cjwatson@debian.org> Mon, 05 Dec 2016 19:31:33 +0000 121 -- Colin Watson <cjwatson@debian.org> Mon, 05 Dec 2016 19:31:33 +0000
120 122
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index ff61c4f1b..35a6b477b 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -177,10 +177,6 @@ HostKey /etc/ssh/ssh_host_ed25519_key
177#Privilege Separation is turned on for security 177#Privilege Separation is turned on for security
178UsePrivilegeSeparation yes 178UsePrivilegeSeparation yes
179 179
180# Lifetime and size of ephemeral version 1 server key
181KeyRegenerationInterval 3600
182ServerKeyBits 1024
183
184# Logging 180# Logging
185SyslogFacility AUTH 181SyslogFacility AUTH
186LogLevel INFO 182LogLevel INFO
@@ -190,15 +186,12 @@ LoginGraceTime 120
190PermitRootLogin prohibit-password 186PermitRootLogin prohibit-password
191StrictModes yes 187StrictModes yes
192 188
193RSAAuthentication yes
194PubkeyAuthentication yes 189PubkeyAuthentication yes
195#AuthorizedKeysFile %h/.ssh/authorized_keys 190#AuthorizedKeysFile %h/.ssh/authorized_keys
196 191
197# Don't read the user's ~/.rhosts and ~/.shosts files 192# Don't read the user's ~/.rhosts and ~/.shosts files
198IgnoreRhosts yes 193IgnoreRhosts yes
199# For this to work you will also need host keys in /etc/ssh_known_hosts 194# For this to work you will also need host keys in /etc/ssh_known_hosts
200RhostsRSAAuthentication no
201# similar for protocol version 2
202HostbasedAuthentication no 195HostbasedAuthentication no
203# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication 196# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
204#IgnoreUserKnownHosts yes 197#IgnoreUserKnownHosts yes