Hosting Provided By

Re: ssh configuration problem

From: Ed J. Aivazian <stealth(at)arminco.com>
Date: Thu Jul 24 2003 - 04:14:01 EDT

Hello mehul,
Run sshd with debug option, show the output. Follow the instructions. (from man sshd)

       -d debug_level_spec
              Debug  mode.   The  server sends verbose debug output to stderr.  This option is only
              intended for debugging for the server.  The debugging level is either a number, or  a
              comma-separated  list of assignments "ModulePattern=debug_level".  This should be the
              first argument on the command line.

Wednesday, July 23, 2003, 2:29:00 PM, you wrote:

mc> i am having linux box with RedHat 7.2 OS. i downloaded 
mc> openssh-3.6p1
mc> source, compiled it and installed it. then i changed the 
mc> sshd_config file
mc> after this when i tried to restart the sshd service it fails 
mc> when
mc> starting sshd service.

mc>      waiting for reply.

mc> mehul.

mc> the contents of the sshd_config files are as follows :-

mc> # $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $

mc> # This is the sshd server system-wide configuration file. See mc> # sshd_config(5) for more information.

mc> # This sshd was compiled with
mc> PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

mc> # The strategy used for options in the default sshd_config shipped 
mc> with
mc> # OpenSSH is to specify options with their default value where
mc> # possible, but leave them commented.  Uncommented options change 
mc> a
mc> # default value.

mc> Port 22
mc> #Protocol 2,1
mc> Protocol 2

mc> #ListenAddress 0.0.0.0
mc> #ListenAddress ::

mc> # HostKey for protocol version 1
mc> #HostKey /usr/local/etc/ssh_host_key
mc> # HostKeys for protocol version 2
mc> HostKey /usr/local/etc/ssh_host_rsa_key
mc> HostKey /usr/local/etc/ssh_host_dsa_key

mc> # Lifetime and size of ephemeral version 1 server key

mc> KeyRegenerationInterval 3600
mc> ServerKeyBits 768

mc> # Logging
mc> #obsoletes QuietMode and FascistLogging
mc> SyslogFacility AUTH
mc> LogLevel INFO

Do you need help?

mc> # Authentication:

mc> LoginGraceTime 120
mc> PermitRootLogin no
mc> StrictModes yes

mc> RSAAuthentication yes
mc> PubkeyAuthentication yes
mc> AuthorizedKeysFile      .ssh/authorized_keys

mc> # rhosts authentication should not be used
mc> RhostsAuthentication no
mc> # Don't read the user's ~/.rhosts and ~/.shosts files
mc> #IgnoreRhosts yes
mc> # For this to work you will also need host keys in 
mc> /usr/local/etc/ssh_known_hosts
mc> #RhostsRSAAuthentication no
mc> # similar for protocol version 2
Do you need more help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
mc> #HostbasedAuthentication no
mc> # Change to yes if you don't trust ~/.ssh/known_hosts for

mc> # RhostsRSAAuthentication and HostbasedAuthentication mc> #IgnoreUserKnownHosts no

mc> # To disable tunneled clear text passwords, change to no here!
mc> PasswordAuthentication no
mc> #PermitEmptyPasswords no

mc> # Change to no to disable s/key passwords mc> ChallengeResponseAuthentication yes

mc> # Kerberos options
mc> #KerberosAuthentication no
mc> #KerberosOrLocalPasswd yes
mc> #KerberosTicketCleanup yes

mc> #AFSTokenPassing no

mc> # Kerberos TGT Passing only works with the AFS kaserver mc> #KerberosTgtPassing no

mc> # Set this to 'yes' to enable PAM keyboard-interactive 
mc> authentication
mc> # Warning: enabling this may bypass the setting of 
mc> 'PasswordAuthentication'
mc> #PAMAuthenticationViaKbdInt no

mc> #X11Forwarding no
mc> #X11DisplayOffset 10
mc> #X11UseLocalhost yes
mc> #PrintMotd yes
mc> #PrintLastLog yes
mc> #KeepAlive yes
mc> #UseLogin no
mc> #UsePrivilegeSeparation yes

mc> #PermitUserEnvironment no
mc> Compression yes

mc> #MaxStartups 10
mc> # no default banner path
mc> #Banner /some/path
mc> #VerifyReverseMapping no

mc> # override default of no subsystems
mc> Subsystem       sftp    /usr/local/libexec/sftp-server


mc> ___________________________________________________
mc> Download the hottest & happening ringtones here!
mc> OR SMS: Top tone to 7333

mc> Click here now:
mc> http://sms.rediff.com/cgi-bin/ringtone/ringhome.pl

-- 
Best regards,
 Ed                            mailto:stealth@arminco.com

Received on Thu Jul 24 11:58:04 2003

This message: [ Message body ]
Next message: Sumit Malhotra: "RE: redhat7.3 login ?"
Previous message: mehul choube: "openssh-3.6p1"
In reply to: mehul choube: "ssh configuration problem"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:01 EDT