diff options
| author | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
| commit | 978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch) | |
| tree | 89400a44e42d84937deba7864e4964d6c7734da5 /sshd_config | |
| parent | 87c685b8c6a49814fd782288097b3093f975aa72 (diff) | |
| parent | 3a7e89697ca363de0f64e0d5704c57219294e41c (diff) | |
* New upstream release (http://www.openssh.org/txt/release-5.9).
- Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
- Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
- The pre-authentication sshd(8) privilege separation slave process now
logs via a socket shared with the master process, avoiding the need to
maintain /dev/log inside the chroot (closes: #75043, #429243,
#599240).
- ssh(1) now warns when a server refuses X11 forwarding (closes:
#504757).
- sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace (closes: #76312). The authorized_keys2
fallback is deprecated but documented (closes: #560156).
- ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
ToS/DSCP (closes: #498297).
- ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add
- < /path/to/key" (closes: #229124).
- Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
- Say "required" rather than "recommended" in unprotected-private-key
warning (LP: #663455).
Diffstat (limited to 'sshd_config')
| -rw-r--r-- | sshd_config | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/sshd_config b/sshd_config index c3ad1fe61..e7a33399b 100644 --- a/sshd_config +++ b/sshd_config | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ | 1 | # $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $ |
| 2 | 2 | ||
| 3 | # This is the sshd server system-wide configuration file. See | 3 | # This is the sshd server system-wide configuration file. See |
| 4 | # sshd_config(5) for more information. | 4 | # sshd_config(5) for more information. |
| @@ -7,7 +7,7 @@ | |||
| 7 | 7 | ||
| 8 | # The strategy used for options in the default sshd_config shipped with | 8 | # The strategy used for options in the default sshd_config shipped with |
| 9 | # OpenSSH is to specify options with their default value where | 9 | # OpenSSH is to specify options with their default value where |
| 10 | # possible, but leave them commented. Uncommented options change a | 10 | # possible, but leave them commented. Uncommented options override the |
| 11 | # default value. | 11 | # default value. |
| 12 | 12 | ||
| 13 | #Port 22 | 13 | #Port 22 |
| @@ -45,7 +45,10 @@ | |||
| 45 | 45 | ||
| 46 | #RSAAuthentication yes | 46 | #RSAAuthentication yes |
| 47 | #PubkeyAuthentication yes | 47 | #PubkeyAuthentication yes |
| 48 | #AuthorizedKeysFile .ssh/authorized_keys | 48 | |
| 49 | # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 | ||
| 50 | # but this is overridden so installations will only check .ssh/authorized_keys | ||
| 51 | AuthorizedKeysFile .ssh/authorized_keys | ||
| 49 | 52 | ||
| 50 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | 53 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts |
| 51 | #RhostsRSAAuthentication no | 54 | #RhostsRSAAuthentication no |