1 |
Ssh disconnects on its own accord even with keepalive. I disable all |
2 |
methods of authentication except for public keys. You'll have to |
3 |
create a pub/private pair and copy the public key to |
4 |
$HOME/.ssh/authorized_keys. I'm on my blackberry so I can't type out |
5 |
full directions but gentoo has docs. |
6 |
|
7 |
On 10/10/08, David Rioja <rams@×××××××××××.com> wrote: |
8 |
> Andrey Falko escribió: |
9 |
>> On Thu, Oct 9, 2008 at 1:06 AM, David Rioja <rams@×××××××××××.com> wrote: |
10 |
>> |
11 |
>>> This is my very first post to the list, so hello you all :) |
12 |
>>> |
13 |
>>> I've been editing /etc/ssh/sshd_config in order to configure SSH as told |
14 |
>>> in |
15 |
>>> the guide at gentoo.org. The options you have to set for a quick start |
16 |
>>> configuration are: |
17 |
>>> |
18 |
>>> Port 22 |
19 |
>>> Protocol 2 |
20 |
>>> ServerKeyBits 2048 |
21 |
>>> SyslogFacility AUTH |
22 |
>>> LogLevel INFO |
23 |
>>> LoginGraceTime 60 |
24 |
>>> PermitRootLogin no |
25 |
>>> RSAAuthentication no |
26 |
>>> PubkeyAuthentication yes |
27 |
>>> PasswordAuthentication no |
28 |
>>> PermitEmptyPasswords no |
29 |
>>> PAMAuthenticationViaKbdInt no |
30 |
>>> Compression yes |
31 |
>>> KeepAlive yes |
32 |
>>> ClientAliveInterval 30 |
33 |
>>> ClientAliveCountMax 4 |
34 |
>>> |
35 |
>>> |
36 |
>>> I have encountered two issues in that: |
37 |
>>> |
38 |
>>> 1.- When restarting the sshd service you are told |
39 |
>>> PMAAuthenticationViaKbdInt |
40 |
>>> is deprecated. |
41 |
>>> |
42 |
>>> 2.- KeepAlive is not commented in the default configuration file, there |
43 |
>>> is |
44 |
>>> TCPKeepAlive instead. I suppose same options are the same. Could anyone |
45 |
>>> confim that? |
46 |
>>> |
47 |
>>> Thanks! |
48 |
>>> |
49 |
>>> |
50 |
>>> |
51 |
>> |
52 |
>> If you want are truely quick start configuration, you should use the |
53 |
>> defaults that get installed after you install ssh. Basically, thost |
54 |
>> default will give you a working ssh that is secure and that is more |
55 |
>> than likely to work out of box. |
56 |
>> |
57 |
>> I'm not sure which Gentoo quickstart guide you are following, but it |
58 |
>> is an out of date guide. I recommend emerge -1 openssh, then running |
59 |
>> etc-update and applying the default configuration. Your goal is to get |
60 |
>> a basic working ssh daemon, right? |
61 |
>> |
62 |
>> |
63 |
>> |
64 |
>> |
65 |
> Yes, I wanted only make it work over the lan. Default options seemed not |
66 |
> to work when I tried, perhaps I forgot to start the service... who |
67 |
> knows? :-/ |
68 |
> |
69 |
> By the way, besides unabling ssh access for root, I is not a good idea |
70 |
> enabling KeepAlive? So won't be great problems if anyone go away leaving |
71 |
> his session active. Am I mistaken? |
72 |
> |
73 |
> |