![[BACK]](/icons/back.gif){kind=icon}
Return to sshd_config CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh|
Return to sshd_config CVS log | Up to [local] / src / usr.bin / ssh |
| File: [local] / src / usr.bin / ssh / sshd_config (download)
Revision 1.9, Thu Oct 7 21:45:03 1999 UTC (24 years, 8 months ago) by markus
add skey to sshd:
1) pass *pw to auth_password() not user_name, do_authentication already
keeps private copy of struct passwd for current user.
2) limit authentication attemps to 5, otherwise
ssh -o 'NumberOfPasswordPrompts 100000' host
lets you enter 100000 passwds
3) make s/key a run-time option in /etc/sshd_config
4) generate fake skeys,
for s/key for nonexisting users, too
limit auth-tries for nonexisting users, too.
Note that
% ssh -l nonexisting-user -o 'NumberOfPasswordPrompts 100000' host
has NO limits in ssh-1.2.27
|
# This is ssh server systemwide configuration file. Port 22 ListenAddress 0.0.0.0 HostKey /etc/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes # # Don't read ~/.rhosts and ~/.shosts files IgnoreRhosts yes StrictModes yes QuietMode no X11Forwarding no X11DisplayOffset 10 FascistLogging no PrintMotd yes KeepAlive yes SyslogFacility AUTH RhostsAuthentication no # # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # # Changed RSAAuthentication to no/bg RSAAuthentication yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes PermitEmptyPasswords no # Uncomment to disable s/key passwords #SkeyAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes # XXX implement these #UseLogin no #CheckMail no # AllowHosts *.our.com friend.other.com # DenyHosts lowsecurity.theirs.com *.evil.org evil.org