opendev/system-config
Code Issues Proposed changes

Remove ssh v1 options from sshd_config

Browse Source 
The options are deprecated and don't do anything - but they do put
warnings into the service logs.

Change-Id: If53bc8aecc7df75c99ae71e5adb8189790405795
This commit is contained in:
Monty Taylor
2018-08-20 09:35:02 -05:00
parent 59f03951f7
commit 576f1b9976
1 changed files with 0 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
playbooks/roles/base-server/templates/sshd_config.j2
View File

@@ -15,10 +15,6 @@ HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security #Privilege Separation is turned on for security
UsePrivilegeSeparation yes UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging # Logging
SyslogFacility AUTH SyslogFacility AUTH
LogLevel INFO LogLevel INFO
@@ -28,14 +24,11 @@ LoginGraceTime 120
PermitRootLogin no PermitRootLogin no
StrictModes yes StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys #AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files # Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2 # similar for protocol version 2
HostbasedAuthentication no HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication