Greg + Markus,
mandatory, ok. thanks for replying. re "well out of date" yep, like
the man.. :-)
regards.
07.09.22, 18:17 +0200 jr:
am fairly new to Debian and am puzzled that the 'sshd_config' file
does not have a setting for the 'UsePrivilegeSeparation' keyword. it
is also not mentioned in the man page. on another machine (not
Debian) I have OpenSSH s/ware installed which
On Wed, Sep 07, 2022 at 05:17:22PM +0100, jr wrote:
> am fairly new to Debian and am puzzled that the 'sshd_config' file
> does not have a setting for the 'UsePrivilegeSeparation' keyword. it
> is also not mentioned in the man page.
It's no longer optiona
hi,
am fairly new to Debian and am puzzled that the 'sshd_config' file
does not have a setting for the 'UsePrivilegeSeparation' keyword. it
is also not mentioned in the man page. on another machine (not
Debian) I have OpenSSH s/ware installed which provides the option;
d recommend large lists of packages, helping to keep
> all hosts in sync.
>
> For openssh I have the problem that I can only override the whole
> ssh_config and sshd_config files. I cannot *extend* them. I had
> hoped to avoid the dpkg-divert.
You might try to patch (and unpatch, a
,
logrotate, local certificates, fonts, etc. Most important: They
depend on and recommend large lists of packages, helping to keep
all hosts in sync.
For openssh I have the problem that I can only override the whole
ssh_config and sshd_config files. I cannot *extend* them. I had
hoped to avoid the dpkg-divert.
Regards
Harri
ssibility is to systematically keep you own version of
sshd_config and perform the upgrade later with `cme migrate sshd` [1].
That said I've not found the time to keep up with the latest version of
ssh configuration and cme works with openssh 6. Some work is needed
to update cme with n
ig file. For sshd the config directive is "Include".
> >
>
> Are you sure about this?
>
> root@jessie2:/etc/ssh# /usr/sbin/sshd -d
> /etc/ssh/sshd_config: line 90: Bad configuration option: Include
> /etc/ssh/sshd_config: terminating, 1 bad configuration option
ou sure about this?
root@jessie2:/etc/ssh# /usr/sbin/sshd -d
/etc/ssh/sshd_config: line 90: Bad configuration option: Include
/etc/ssh/sshd_config: terminating, 1 bad configuration options
>> What would you consider best practice to keep your ssh hosts (>300)
>> in sync wrt the most i
Hi Harald,
On Thu, Feb 02, 2017 at 09:40:48AM +0100, Harald Dunkel wrote:
> Problem: Deploying a custom ssh authentication scheme common to
> all Debian hosts in the lan appears to be apita, esp. since the
> next openssh upgrade might put the default config files upside
> down again.
When you do
Hi folks,
Problem: Deploying a custom ssh authentication scheme common to
all Debian hosts in the lan appears to be apita, esp. since the
next openssh upgrade might put the default config files upside
down again.
What would you consider best practice to keep your ssh hosts (>300)
in sync wrt the
On 30/08/12 16:20, Brian wrote:
> On Thu 30 Aug 2012 at 14:37:34 +0100, Roger Lynn wrote:
>> I want to force everyone except members of a particular group to run sftp
>> when they ssh into a server. So at the end of /etc/ssh/sshd_config I have:
>>
>> Match Group !sshers
On Thu, 30 Aug 2012 14:37:34 +0100, Roger Lynn wrote:
> I want to force everyone except members of a particular group to run
> sftp when they ssh into a server. So at the end of /etc/ssh/sshd_config
> I have:
>
> Match Group !sshers
> ForceCommand /usr/lib/openssh/sftp-ser
On Thu 30 Aug 2012 at 14:37:34 +0100, Roger Lynn wrote:
> I want to force everyone except members of a particular group to run sftp
> when they ssh into a server. So at the end of /etc/ssh/sshd_config I have:
>
> Match Group !sshers
> ForceCommand /usr/lib/openssh/sftp-server
Hi,
I want to force everyone except members of a particular group to run sftp
when they ssh into a server. So at the end of /etc/ssh/sshd_config I have:
Match Group !sshers
ForceCommand /usr/lib/openssh/sftp-server
However I can't get the group negation to work. If I remove the '!
OpenPermit
option in sshd_config.
You meant "PermitOpen", right? :-)
Indeed
By default OpenPermit is set to `any': if I set
it to 127.0.0.1:12345 , I observed not restriction at all: all port can
still forward.
How are you testing this?
I use the script 'autossh.host
Hello List,
On 04/05/11 16:52, Camaleón wrote:
On Wed, 04 May 2011 04:41:32 +0200, Jerome BENOIT wrote:
I am trying to restrict ssh port forwarding to one port on my Squeeze
box: my current understanding is that I may play with the OpenPermit
option in sshd_config.
You meant "Permi
On Wed, 04 May 2011 04:41:32 +0200, Jerome BENOIT wrote:
> I am trying to restrict ssh port forwarding to one port on my Squeeze
> box: my current understanding is that I may play with the OpenPermit
> option in sshd_config.
You meant "PermitOpen", right? :-)
> By defaul
Hello List,
I am trying to restrict ssh port forwarding to one port on my Squeeze box:
my current understanding is that I may play with the OpenPermit option in
sshd_config.
By default OpenPermit is set to `any': if I set it to 127.0.0.1:12345 ,
I observed not restriction at all: all por
Jason Hsu wrote at 2011-03-02 21:59 -0600:
> PasswordAuthentication parameter
See the man page sshd_config(5).
With password authentication disabled, you will not be able to login using your
normal system password. In that case, you would probably want to set up public
key authenticat
Commented out it will mean it'll use the default, which is yes (see
'man sshd_config')
You only need to uncomment it if you want to change it to no. Although
it can also make your config more explicit by just looking at the
file.
-Steve
On 3 March 2011 03:59, Jason Hsu wrote:
The value can be yes or no. But in the default version of the
/etc/ssh/sshd_config file, the command setting the value of the
PasswordAuthentication parameter is #'d out.
What does this mean? Should I leave it as is, or should I uncomment the line?
If the latter is the case, should
Hello
I'm working to create a graphical sshd_config editor based on
Config::Model [1].
To test it, I need some samples of sshd_config files which use
advanced options like ClientAliveCountMax, Match blocks, AllowUser...
If you have such a sshd_config files, could you please send it me ?
Hello
I'm working to create a graphical sshd_config editor based on
Config::Model [1].
To test it, I need some samples of sshd_config files which use
advanced options like ClientAliveCountMax, Match blocks, AllowUser...
If you have such a sshd_config files, could you please send it me ?
24 matches
Mail list logo
