diff options
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/openssh-server.postinst | 7 |
2 files changed, 2 insertions, 7 deletions
diff --git a/debian/changelog b/debian/changelog index c2065c580..d2eb7f643 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -115,6 +115,8 @@ openssh (1:7.4p1-1) UNRELEASED; urgency=medium | |||
115 | - sshd(8): Improve PRNG reseeding across privilege separation and force | 115 | - sshd(8): Improve PRNG reseeding across privilege separation and force |
116 | libcrypto to obtain a high-quality seed before chroot or sandboxing. | 116 | libcrypto to obtain a high-quality seed before chroot or sandboxing. |
117 | * Apply "wrap-and-sort -at -f debian/control -f debian/tests/control". | 117 | * Apply "wrap-and-sort -at -f debian/control -f debian/tests/control". |
118 | * Remove entries related to protocol 1 from the default sshd_config | ||
119 | generated on new installations. | ||
118 | 120 | ||
119 | -- Colin Watson <cjwatson@debian.org> Mon, 05 Dec 2016 19:31:33 +0000 | 121 | -- Colin Watson <cjwatson@debian.org> Mon, 05 Dec 2016 19:31:33 +0000 |
120 | 122 | ||
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index ff61c4f1b..35a6b477b 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst | |||
@@ -177,10 +177,6 @@ HostKey /etc/ssh/ssh_host_ed25519_key | |||
177 | #Privilege Separation is turned on for security | 177 | #Privilege Separation is turned on for security |
178 | UsePrivilegeSeparation yes | 178 | UsePrivilegeSeparation yes |
179 | 179 | ||
180 | # Lifetime and size of ephemeral version 1 server key | ||
181 | KeyRegenerationInterval 3600 | ||
182 | ServerKeyBits 1024 | ||
183 | |||
184 | # Logging | 180 | # Logging |
185 | SyslogFacility AUTH | 181 | SyslogFacility AUTH |
186 | LogLevel INFO | 182 | LogLevel INFO |
@@ -190,15 +186,12 @@ LoginGraceTime 120 | |||
190 | PermitRootLogin prohibit-password | 186 | PermitRootLogin prohibit-password |
191 | StrictModes yes | 187 | StrictModes yes |
192 | 188 | ||
193 | RSAAuthentication yes | ||
194 | PubkeyAuthentication yes | 189 | PubkeyAuthentication yes |
195 | #AuthorizedKeysFile %h/.ssh/authorized_keys | 190 | #AuthorizedKeysFile %h/.ssh/authorized_keys |
196 | 191 | ||
197 | # Don't read the user's ~/.rhosts and ~/.shosts files | 192 | # Don't read the user's ~/.rhosts and ~/.shosts files |
198 | IgnoreRhosts yes | 193 | IgnoreRhosts yes |
199 | # For this to work you will also need host keys in /etc/ssh_known_hosts | 194 | # For this to work you will also need host keys in /etc/ssh_known_hosts |
200 | RhostsRSAAuthentication no | ||
201 | # similar for protocol version 2 | ||
202 | HostbasedAuthentication no | 195 | HostbasedAuthentication no |
203 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication | 196 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication |
204 | #IgnoreUserKnownHosts yes | 197 | #IgnoreUserKnownHosts yes |