diff options
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/cygwin/ssh-host-config | 95 |
1 files changed, 48 insertions, 47 deletions
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 83eff3a13..bfeee7fca 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config | |||
@@ -98,7 +98,7 @@ then | |||
98 | echo | 98 | echo |
99 | echo "There are still ssh processes running. Please shut them down first." | 99 | echo "There are still ssh processes running. Please shut them down first." |
100 | echo | 100 | echo |
101 | exit 1 | 101 | #exit 1 |
102 | fi | 102 | fi |
103 | 103 | ||
104 | # Check for ${SYSCONFDIR} directory | 104 | # Check for ${SYSCONFDIR} directory |
@@ -234,9 +234,9 @@ then | |||
234 | # Site-wide defaults for various options | 234 | # Site-wide defaults for various options |
235 | 235 | ||
236 | # Host * | 236 | # Host * |
237 | # ForwardAgent yes | 237 | # ForwardAgent no |
238 | # ForwardX11 yes | 238 | # ForwardX11 no |
239 | # RhostsAuthentication yes | 239 | # RhostsAuthentication no |
240 | # RhostsRSAAuthentication yes | 240 | # RhostsRSAAuthentication yes |
241 | # RSAAuthentication yes | 241 | # RSAAuthentication yes |
242 | # PasswordAuthentication yes | 242 | # PasswordAuthentication yes |
@@ -244,22 +244,14 @@ then | |||
244 | # UseRsh no | 244 | # UseRsh no |
245 | # BatchMode no | 245 | # BatchMode no |
246 | # CheckHostIP yes | 246 | # CheckHostIP yes |
247 | # StrictHostKeyChecking no | 247 | # StrictHostKeyChecking yes |
248 | # IdentityFile ~/.ssh/identity | ||
249 | # IdentityFile ~/.ssh/id_dsa | ||
250 | # IdentityFile ~/.ssh/id_rsa | ||
248 | # Port 22 | 251 | # Port 22 |
249 | # Protocol 2,1 | 252 | # Protocol 2,1 |
250 | # Cipher 3des | 253 | # Cipher blowfish |
251 | # EscapeChar ~ | 254 | # EscapeChar ~ |
252 | |||
253 | # Be paranoid by default | ||
254 | Host * | ||
255 | ForwardAgent no | ||
256 | ForwardX11 no | ||
257 | FallBackToRsh no | ||
258 | |||
259 | # Try authentification with the following identities | ||
260 | IdentityFile ~/.ssh/identity | ||
261 | IdentityFile ~/.ssh/id_rsa | ||
262 | IdentityFile ~/.ssh/id_dsa | ||
263 | EOF | 255 | EOF |
264 | if [ "$port_number" != "22" ] | 256 | if [ "$port_number" != "22" ] |
265 | then | 257 | then |
@@ -288,60 +280,69 @@ if [ ! -f "${SYSCONFDIR}/sshd_config" ] | |||
288 | then | 280 | then |
289 | echo "Generating ${SYSCONFDIR}/sshd_config file" | 281 | echo "Generating ${SYSCONFDIR}/sshd_config file" |
290 | cat > ${SYSCONFDIR}/sshd_config << EOF | 282 | cat > ${SYSCONFDIR}/sshd_config << EOF |
291 | # This is ssh server systemwide configuration file. | 283 | # This is the sshd server system-wide configuration file. See sshd(8) |
284 | # for more information. | ||
292 | 285 | ||
293 | Port $port_number | 286 | Port $port_number |
294 | # | 287 | #Protocol 2,1 |
295 | Protocol 2,1 | 288 | #ListenAddress 0.0.0.0 |
296 | ListenAddress 0.0.0.0 | ||
297 | #ListenAddress :: | 289 | #ListenAddress :: |
298 | # | 290 | |
299 | # Uncomment the following lines according to the used authentication | 291 | # HostKey for protocol version 1 |
300 | HostKey /etc/ssh_host_key | 292 | HostKey /etc/ssh_host_key |
293 | # HostKeys for protocol version 2 | ||
301 | HostKey /etc/ssh_host_rsa_key | 294 | HostKey /etc/ssh_host_rsa_key |
302 | HostKey /etc/ssh_host_dsa_key | 295 | HostKey /etc/ssh_host_dsa_key |
296 | |||
297 | # Lifetime and size of ephemeral version 1 server ke | ||
298 | KeyRegenerationInterval 3600 | ||
303 | ServerKeyBits 768 | 299 | ServerKeyBits 768 |
300 | |||
301 | # Logging | ||
302 | SyslogFacility AUTH | ||
303 | LogLevel INFO | ||
304 | #obsoletes QuietMode and FascistLogging | ||
305 | |||
306 | # Authentication: | ||
307 | |||
304 | LoginGraceTime 600 | 308 | LoginGraceTime 600 |
305 | KeyRegenerationInterval 3600 | ||
306 | PermitRootLogin yes | 309 | PermitRootLogin yes |
307 | # | ||
308 | # Don't read ~/.rhosts and ~/.shosts files | ||
309 | IgnoreRhosts yes | ||
310 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication | ||
311 | #IgnoreUserKnownHosts yes | ||
312 | |||
313 | # | ||
314 | # The following setting overrides permission checks on host key files | 310 | # The following setting overrides permission checks on host key files |
315 | # and directories. For security reasons set this to "yes" when running | 311 | # and directories. For security reasons set this to "yes" when running |
316 | # NT/W2K, NTFS and CYGWIN=ntsec. | 312 | # NT/W2K, NTFS and CYGWIN=ntsec. |
317 | StrictModes no | 313 | StrictModes no |
318 | 314 | ||
319 | X11Forwarding no | 315 | RSAAuthentication yes |
320 | X11DisplayOffset 10 | 316 | PubkeyAuthentication yes |
321 | PrintMotd yes | 317 | #AuthorizedKeysFile %h/.ssh/authorized_keys |
322 | KeepAlive yes | ||
323 | |||
324 | # Logging | ||
325 | SyslogFacility AUTH | ||
326 | LogLevel INFO | ||
327 | #obsoletes QuietMode and FascistLogging | ||
328 | 318 | ||
319 | # rhosts authentication should not be used | ||
329 | RhostsAuthentication no | 320 | RhostsAuthentication no |
330 | # | 321 | # Don't read ~/.rhosts and ~/.shosts files |
322 | IgnoreRhosts yes | ||
331 | # For this to work you will also need host keys in /etc/ssh_known_hosts | 323 | # For this to work you will also need host keys in /etc/ssh_known_hosts |
332 | RhostsRSAAuthentication no | 324 | RhostsRSAAuthentication no |
325 | # similar for protocol version 2 | ||
326 | HostbasedAuthentication no | ||
327 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication | ||
328 | #IgnoreUserKnownHosts yes | ||
333 | 329 | ||
334 | RSAAuthentication yes | 330 | # To disable tunneled clear text passwords, change to no here! |
335 | |||
336 | PasswordAuthentication yes | 331 | PasswordAuthentication yes |
337 | PermitEmptyPasswords no | 332 | PermitEmptyPasswords no |
338 | 333 | ||
339 | CheckMail no | 334 | X11Forwarding no |
340 | UseLogin no | 335 | X11DisplayOffset 10 |
336 | PrintMotd yes | ||
337 | #PrintLastLog no | ||
338 | KeepAlive yes | ||
339 | #UseLogin no | ||
341 | 340 | ||
342 | #Uncomment if you want to enable sftp | ||
343 | #Subsystem sftp /usr/sbin/sftp-server | ||
344 | #MaxStartups 10:30:60 | 341 | #MaxStartups 10:30:60 |
342 | #Banner /etc/issue.net | ||
343 | #ReverseMappingCheck yes | ||
344 | |||
345 | Subsystem sftp /usr/sbin/sftp-server | ||
345 | EOF | 346 | EOF |
346 | fi | 347 | fi |
347 | 348 | ||