Difference between revisions of "OpenSSH"

From Palfrepedia
Jump to navigation Jump to search
(First save minimla details about blocking password auth)
 
m (Protected "OpenSSH" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)))
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
I'll expand this to something more comprehensive later but mainly wanted to record something odd that happened to me using [[Gentoo]].
I'll expand this to something more comprehensive later but mainly wanted to record something odd that happened to me using [[Gentoo]].
== When PasswordAuthetication=no is ignored ==
== When PasswordAuthetication=no is ignored ==
Set KeyboardInteractive to no
Set KeyboardInteractive to no in /etc/ssh/sshd_config
  <nowiki>
  <nowiki>
PasswordAuthentication no
PasswordAuthentication no
KbdInteractiveAuthentication no
KbdInteractiveAuthentication no</nowiki>
</nowiki>
== Cisco switch options ==
Set these options in $HOME/.ssh/config to be able to ssh onto [[Cisco Switches|Cisco switches]]. Shown where "switch" is the DNS hostname for the switch in question. If you aren't using DNS use an IP address here.
<nowiki>
Host switch
    KexAlgorithms +diffie-hellman-group1-sha1
    HostkeyAlgorithms +ssh-rsa
    Ciphers +3des-cbc
    ForwardX11 no</nowiki>

Latest revision as of 12:34, 28 April 2023

I'll expand this to something more comprehensive later but mainly wanted to record something odd that happened to me using Gentoo.

When PasswordAuthetication=no is ignored

Set KeyboardInteractive to no in /etc/ssh/sshd_config

PasswordAuthentication no
KbdInteractiveAuthentication no

Cisco switch options

Set these options in $HOME/.ssh/config to be able to ssh onto Cisco switches. Shown where "switch" is the DNS hostname for the switch in question. If you aren't using DNS use an IP address here.

Host switch
    KexAlgorithms +diffie-hellman-group1-sha1
    HostkeyAlgorithms +ssh-rsa
    Ciphers +3des-cbc
    ForwardX11 no