[Ach] SSH improvements

Pepi Zawodsky pepi.zawodsky at maclemon.at
Sun Nov 17 14:23:59 CET 2013


On 17.11.2013, at 11:44, Tobias Millauer <is131015 at fhstp.ac.at> wrote:

> # Use only Protocol 2
> Protocol 2

That _should_ actually be the default in /etc/ssh_config today. It's a good practice to have

Host *
    Protocol 2

in your ~/.ssh/config just to be on the safe side. Some OSes still come with
Protocol 2,1
in their default config, like OS X.

> # Disable empty passwords
> PermitEmptyPasswords no
+1

> # Disable unused authentication methods
> UsePAM no
Emphasis on unused! In my experience PAM is used quite often, again I'm OS X biased here.

I expect these methods to be rarely used.
> IgnoreRhosts yes
> RhostsRSAAuthentication no
> HostbasedAuthentication no
> KerberosAuthentication no
> GSSAPIAuthentication no
> ChallengeResponseAuthentication no

Best regards
Pepi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131117/dad30298/attachment.sig>


More information about the Ach mailing list