diff options
| author | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
| commit | eab78da6a54225de06271d9c8da650f04a55ed88 (patch) | |
| tree | aa258ca77515939f6d89317ff67fbcb0bca08b24 /sshd_config | |
| parent | a26f5de49df59322fde07f7be91b3e3969c9c238 (diff) | |
| parent | c6a2c0334e45419875687d250aed9bea78480f2e (diff) | |
* New upstream release (http://www.openssh.com/txt/release-6.1).
- Enable pre-auth sandboxing by default for new installs.
- Allow "PermitOpen none" to refuse all port-forwarding requests
(closes: #543683).
Diffstat (limited to 'sshd_config')
| -rw-r--r-- | sshd_config | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sshd_config b/sshd_config index e7a33399b..2523015de 100644 --- a/sshd_config +++ b/sshd_config | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $ | 1 | # $OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $ |
| 2 | 2 | ||
| 3 | # This is the sshd server system-wide configuration file. See | 3 | # This is the sshd server system-wide configuration file. See |
| 4 | # sshd_config(5) for more information. | 4 | # sshd_config(5) for more information. |
| @@ -50,6 +50,8 @@ | |||
| 50 | # but this is overridden so installations will only check .ssh/authorized_keys | 50 | # but this is overridden so installations will only check .ssh/authorized_keys |
| 51 | AuthorizedKeysFile .ssh/authorized_keys | 51 | AuthorizedKeysFile .ssh/authorized_keys |
| 52 | 52 | ||
| 53 | #AuthorizedPrincipalsFile none | ||
| 54 | |||
| 53 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | 55 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts |
| 54 | #RhostsRSAAuthentication no | 56 | #RhostsRSAAuthentication no |
| 55 | # similar for protocol version 2 | 57 | # similar for protocol version 2 |
| @@ -100,7 +102,7 @@ AuthorizedKeysFile .ssh/authorized_keys | |||
| 100 | #PrintLastLog yes | 102 | #PrintLastLog yes |
| 101 | #TCPKeepAlive yes | 103 | #TCPKeepAlive yes |
| 102 | #UseLogin no | 104 | #UseLogin no |
| 103 | #UsePrivilegeSeparation yes | 105 | UsePrivilegeSeparation sandbox # Default for new installations. |
| 104 | #PermitUserEnvironment no | 106 | #PermitUserEnvironment no |
| 105 | #Compression delayed | 107 | #Compression delayed |
| 106 | #ClientAliveInterval 0 | 108 | #ClientAliveInterval 0 |
| @@ -110,6 +112,7 @@ AuthorizedKeysFile .ssh/authorized_keys | |||
| 110 | #MaxStartups 10 | 112 | #MaxStartups 10 |
| 111 | #PermitTunnel no | 113 | #PermitTunnel no |
| 112 | #ChrootDirectory none | 114 | #ChrootDirectory none |
| 115 | #VersionAddendum none | ||
| 113 | 116 | ||
| 114 | # no default banner path | 117 | # no default banner path |
| 115 | #Banner none | 118 | #Banner none |