[rescue] avoiding ssh session keys

Dan Sikorski rescue at sunhelp.org
Tue Oct 30 11:41:32 CST 2001 

> The only relevant thing that I have in /etc/ssh/sshd_config is:
> 
>   KeyRegenerationInterval 3600
> 
> Which is the standard anyway.  You could post your sshd_config file, and
> from memory not having reverse DNS properly setup can cause major `hangs'.

Well, i've ruled out reverse DNS, as one of the machines didn't have a
reverse DNS entry, and the other did.  (and because of that, one of them
spouted an error about rDNS, and the other did not) But now they both
have proper rDNS entries, and that made no difference in time to get a
password prompt.

The /etc/sshd.conf is below.

	-Dan Sikorski


#       $NetBSD: sshd_config,v 1.2.2.1 2001/02/26 20:27:14 he Exp $
#       $OpenBSD: sshd_config,v 1.32 2001/02/06 22:07:50 deraadt Exp $

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh_host_key
HostKey /etc/ssh_host_dsa_key
#HostKey /etc/ssh_host_rsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
IgnoreRootRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
ChallengeResponseAuthentication no

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem       sftp    /usr/libexec/sftp-server

More information about the rescue mailing list