[Ach] SSH improvements
Pepi Zawodsky
pepi.zawodsky at maclemon.at
Sun Nov 17 14:23:59 CET 2013
On 17.11.2013, at 11:44, Tobias Millauer <is131015 at fhstp.ac.at> wrote:
> # Use only Protocol 2
> Protocol 2
That _should_ actually be the default in /etc/ssh_config today. It's a good practice to have
Host *
Protocol 2
in your ~/.ssh/config just to be on the safe side. Some OSes still come with
Protocol 2,1
in their default config, like OS X.
> # Disable empty passwords
> PermitEmptyPasswords no
+1
> # Disable unused authentication methods
> UsePAM no
Emphasis on unused! In my experience PAM is used quite often, again I'm OS X biased here.
I expect these methods to be rarely used.
> IgnoreRhosts yes
> RhostsRSAAuthentication no
> HostbasedAuthentication no
> KerberosAuthentication no
> GSSAPIAuthentication no
> ChallengeResponseAuthentication no
Best regards
Pepi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131117/dad30298/attachment.sig>
More information about the Ach
mailing list