[20497] in Athena Bugs
Athena 9.1 - SSH (sshd_config) changes
daemon@ATHENA.MIT.EDU (Tom Cavin)
Wed Jul 17 17:57:42 2002
Message-ID: <15669.59475.279324.296603@lap1-wccf.mit.edu>
Date: Wed, 17 Jul 2002 17:57:39 -0400
From: Tom Cavin <cavin@MIT.EDU>
To: Athena Bugs list <bugs@mit.edu>
CC: Tom Cavin <cavin@mit.edu>
Hi,
I've just noticed some changes in the default /etc/sshd_config file and I
wanted to get some background for them.
The first thing I noticed is that the file is apparently under RCS control
(with the /etc/sshd_config,v file), and the installed version is different
from the latest version in the RCS file.
Is the sshd_config,v file part of the release?
Should the sshd_config file be the latest version?
The second thing I noticed is that the format now seems to use both ssh
protocol version 1 and version 2. I assume that this is a good thing, and
I am wondering about the differences.
What are the benefits of protocol version 2 over the previous version?
The third thing I noticed is that RSAAuthentication is turned off by
default. Up until this point I had been using RSAAuthentication via
ssh-agent with /root/.ssh/authorized_keys files to gain root access on the
systems that I support that do not have their own srvtab records. (I use
the same technique to access non-Athena Unix systems.)
Is there a problem with setting "RSAAuthentication yes" ?
If so, is there another preferred method of granting such access for
systems without srvtab or krb5.keytab files?
Is the "PubkeyAuthentication" the equivalent for protocol version 2?
I'd be delighted to have either answers to these questions or pointers to
the documentation. I still need reasonable root access to a large number
of systems with different root passwords and would like to be able to use
something like the old ssh-agent/RSAAuthentication scheme for the hosts I
support that don't have srvtabs.
Thanks,
--Tom
--
Tom Cavin                                   Phone: (617) 258 - 7806
Computer Operations Manager                 Email: cavin@mit.edu
MIT - Whitaker College Computer Facility       or  tec@ai.mit.edu