[arch-dev-public] [signoff] openssh-5.7p1-1

Tobias Powalowski t.powa at gmx.de
Wed Jan 26 06:17:31 EST 2011


On Wednesday 26 January 2011, Guillaume ALAUX wrote:
> On Wed, 2011-01-26 at 11:38 +0100, Gaetan Bisson wrote:
> > [2011-01-26 11:29:56 +0100] Guillaume ALAUX:
> > > We reverted back to the upstream conf to follow the Arch idea. We
> > > implicitly say "Power user, do your job when installing an SSH server".
> > > I understand your concern about minimum security but users should know
> > > how to configure an OpenSSH server if they need one. And if they don't,
> > > maybe let's add a secure example in the wiki.
> > 
> > Just to clarify: The default sshd_config from upstream *is* secure.
> 
> Agree
> 
> > We are just talking about enabling (or not) features by default.
> 
> I think we should leave it as is but I don't really mind.
> --
> Guillaume
Now checked Ubuntu too,
UsePAM is enabled in most major distros, PAM is invoked in every login in 
Archlinux so I don't see a reason to not enable it by default.

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

Shall we vote about it?
greetings
tpowa
-- 
Tobias Powalowski
Archlinux Developer & Package Maintainer (tpowa)
http://www.archlinux.org
tpowa at archlinux.org
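
The sshd_config comment quoted in the message above describes how UsePAM interacts with ChallengeResponseAuthentication, PasswordAuthentication and "PermitRootLogin without-password". The following check is an added example, not part of the original message or of the Arch package. It assumes upstream built-in defaults of that OpenSSH era for absent keywords, evaluates global scope only, and uses finding names made up for this example.

```python
import re

# Assumption: upstream built-in defaults of this OpenSSH era, used when a
# keyword is absent or commented out.
DEFAULTS = {
    "usepam": "no",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "permitrootlogin": "yes",
}

def effective_settings(config_text):
    """Global-scope values; sshd uses the first value obtained per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional Match blocks are out of scope for this check
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip('"').lower())
    return {k: seen.get(k, d) for k, d in DEFAULTS.items()}

def audit(config_text):
    """Return finding codes (hypothetical names) for the PAM interactions."""
    s = effective_settings(config_text)
    if s["usepam"] != "yes":
        return ["pam-disabled"]
    candidates = ("challengeresponseauthentication", "passwordauthentication")
    paths = [k for k in candidates if s[k] == "yes"]
    if not paths:
        # PAM account and session checks run, but no PAM authentication.
        return ["pam-account-session-only"]
    findings = ["pam-auth-via:" + ",".join(paths)]
    if (s["permitrootlogin"] == "without-password"
            and "challengeresponseauthentication" in paths):
        findings.append("root-restriction-may-be-bypassed")
    return findings

# Constructed samples: the settings from the excerpt, then two variants.
POSTED = "ChallengeResponseAuthentication no\n#PasswordAuthentication yes\nUsePAM yes\n"
RISKY = "PermitRootLogin without-password\nChallengeResponseAuthentication yes\nUsePAM yes\n"
CHECKS_ONLY = "PasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM yes\n"

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("risky", RISKY), ("checks-only", CHECKS_ONLY)):
        print(name, audit(text))
```
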