diff options
author | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
commit | eab78da6a54225de06271d9c8da650f04a55ed88 (patch) | |
tree | aa258ca77515939f6d89317ff67fbcb0bca08b24 /sshd_config | |
parent | a26f5de49df59322fde07f7be91b3e3969c9c238 (diff) | |
parent | c6a2c0334e45419875687d250aed9bea78480f2e (diff) |
* New upstream release (http://www.openssh.com/txt/release-6.1).
- Enable pre-auth sandboxing by default for new installs.
- Allow "PermitOpen none" to refuse all port-forwarding requests
(closes: #543683).
Diffstat (limited to 'sshd_config')
-rw-r--r-- | sshd_config | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sshd_config b/sshd_config index e7a33399b..2523015de 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $ | 1 | # $OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $ |
2 | 2 | ||
3 | # This is the sshd server system-wide configuration file. See | 3 | # This is the sshd server system-wide configuration file. See |
4 | # sshd_config(5) for more information. | 4 | # sshd_config(5) for more information. |
@@ -50,6 +50,8 @@ | |||
50 | # but this is overridden so installations will only check .ssh/authorized_keys | 50 | # but this is overridden so installations will only check .ssh/authorized_keys |
51 | AuthorizedKeysFile .ssh/authorized_keys | 51 | AuthorizedKeysFile .ssh/authorized_keys |
52 | 52 | ||
53 | #AuthorizedPrincipalsFile none | ||
54 | |||
53 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | 55 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts |
54 | #RhostsRSAAuthentication no | 56 | #RhostsRSAAuthentication no |
55 | # similar for protocol version 2 | 57 | # similar for protocol version 2 |
@@ -100,7 +102,7 @@ AuthorizedKeysFile .ssh/authorized_keys | |||
100 | #PrintLastLog yes | 102 | #PrintLastLog yes |
101 | #TCPKeepAlive yes | 103 | #TCPKeepAlive yes |
102 | #UseLogin no | 104 | #UseLogin no |
103 | #UsePrivilegeSeparation yes | 105 | UsePrivilegeSeparation sandbox # Default for new installations. |
104 | #PermitUserEnvironment no | 106 | #PermitUserEnvironment no |
105 | #Compression delayed | 107 | #Compression delayed |
106 | #ClientAliveInterval 0 | 108 | #ClientAliveInterval 0 |
@@ -110,6 +112,7 @@ AuthorizedKeysFile .ssh/authorized_keys | |||
110 | #MaxStartups 10 | 112 | #MaxStartups 10 |
111 | #PermitTunnel no | 113 | #PermitTunnel no |
112 | #ChrootDirectory none | 114 | #ChrootDirectory none |
115 | #VersionAddendum none | ||
113 | 116 | ||
114 | # no default banner path | 117 | # no default banner path |
115 | #Banner none | 118 | #Banner none |