DragonFly BSD
DragonFly commits List (threaded) for 2010-02
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

git: sshd - Add safety measures to the default installed sshd_config


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 3 Feb 2010 11:06:12 -0800 (PST)

commit a2fe50b040a514cfa4e6937a87093be6ca0c8693
Author: Matthew Dillon <dillon@apollo.backplane.com>
Date:   Wed Feb 3 10:24:36 2010 -0800

    sshd - Add safety measures to the default installed sshd_config
    
    * Uncomment various sshd_config options to enforce their defaults.
      This does not make any changes to the current defaults but ensures that
      the configuration state for these particular options will not change
      if the default happens to be changed in the distributed codebase.
    
      RhostsRSAAuthentication no
      HostbasedAuthentication no
      IgnoreRhosts yes
    
    * Change the ChallengeResponseAuthentication default from 'yes' to 'no'.
      This only applies to PAM and PAM is disabled by default so this change
      has no effect unless PAM is enabled by default at some future time.
    
    * For now leave UsePAM commented out, do not enforce its default 'no' state.
      The changes above will make it safe if the codebase default changes in
      the future.  The codebase default is currently 'no'.
    
    * Note that we previously also changed the PasswordAuthentication default
      to 'no', so everything is on the same page now.
    
    Suggested-by: Doug Barton <dougb@freebsd.org> (generally)

Summary of changes:
 crypto/openssh/sshd_config |   12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a2fe50b040a514cfa4e6937a87093be6ca0c8693


-- 
DragonFly BSD source repository



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]