[SOLVED] sshd_config questions

Message

Kvetch · Post by **Kvetch** » Fri Jan 16, 2009 6:40 pm

I have a couple questions regarding my openssh installation. This is a new machine so I am hardening my default settings. My installation was compiled with the following use flags

Code: Select all

USE="X* kerberos* ldap* pam tcpd -X509 -hpn -libedit (-selinux) -skey -smartcard -static (-chroot%)"

I am not using Kerberos nor GSSAPI so I want to disable them in the conf

Code: Select all

KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
GSSAPIAuthentication no

but when I restart sshd I get an error stating

Code: Select all

/etc/ssh/sshd_config line 69: Unsupported option KerberosAuthentication
/etc/ssh/sshd_config line 75: Unsupported option GSSAPIAuthentication

Why are these unsupported (especially kerberos since it was compiled to use it)? Do I not have to uncomment and set to no then?

Also http://www.gentoo.org/proj/en/infrastru ... ig-ssh.xml mentions an option called

Code: Select all

PAMAuthenticationViaKbdInt no

Has this option been removed?

thanks

defenderBG · Post by **defenderBG** » Fri Jan 16, 2009 9:27 pm

can you post emerge -pv openssh?

it seems as if openssl was not compiled with kerberos installed.

Kvetch · Post by **Kvetch** » Mon Jan 19, 2009 2:54 am

Thanks defenderBG. Not sure what the issue was but I emerged upgraded openssh, it pulled down no dependencies, ran revdep-rebuild and everything corrected itself.