-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Salut la ml
Je cherche � configurer un serveur openssh (v3.5p1)
Voici ma config
sshd_config
- -------------
# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
# This is the sshd server system-wide configuration file. See #
sshd_config(5) for more information.
# This sshd was compiled with
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
# The strategy used for options in the default sshd_config shipped
with # OpenSSH is to specify options with their default value where #
possible, but leave them commented. Uncommented options change a #
default value.
Port 22
Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 10.0.0.1
ListenAddress 10.0.1.1
# HostKey for protocol version 1
HostKey /usr/local/etc/sshd/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/local/etc/sshd/ssh_host_rsa_key
HostKey /usr/local/etc/sshd/ssh_host_dsa_key
#Pid file
PidFile /var/run/sshd.pid
# Keep alive
KeepAlive yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600 ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
#Ciphers
Ciphers
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256
- -cbc
#MACs
MACs hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
#Strict mode
StrictModes no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts
yes # For this to work you will also need host keys in
/usr/local/etc/ssh_known_hosts RhostsRSAAuthentication no # similar
for protocol version 2 HostbasedAuthentication no # Change to yes if
you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and
HostbasedAuthentication IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes PermitEmptyPasswords no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of
'PasswordAuthentication' PAMAuthenticationViaKbdInt no
#X11 Forwarding
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#Controle d'acces aux compte
AllowUsers root
AllowUsers duquenoy
AllowUsers pascal
DenyUsers webmin
DenyUsers nobody
DenyUsers bin
DenyUsers daemon
DenyUsers adm
DenyUsers lp
DenyUsers mail
DenyUsers news
DenyUsers uucp
DenyUsers shutdown
DenyUsers halt
DenyUsers operator
DenyUsers games
DenyUsers ftp
DenyUsers gdm
DenyUsers printer
DenyUsers web
DenyUsers mysql
DenyUsers test
DenyUsers seti
DenyUsers admin
DenyUsers cesar
#Controle d'acces aux groupe
AllowGroups root
DenyGroups netforce
#Others
PrintMotd yes
#CheckMail yes
#Tranfert(Forwarding) ssh
AllowTcpForwarding yes
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
Subsystem sftp /usr/local/libexec/sftp-server
- -----------------
sshd_config
Mais voici ce qu'il me repond
cledoris:/etc/sshd# sshd -t -f ./sshd_config
Privilege separation user sshd does not exist cledoris:/etc/sshd#
Attention il existe un lien symbolique entre /etc/sshd et
/usr/local/etc/sshd
Toute aide sera la bien venue
Pascal Duquenoy
"""""
""""" (' o o `)
- ---ooO---------Ooo-----------ooO---(_)---Ooo---
o n'ayez plus peur - montrez-vous o
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBPccBiiTeFgeT1M2OEQLQnwCgkYc4hIIu3efEox42ztx8Yjn6LvkAn3Ai
FnKGkbzUAzOX8poZpbEVKPb9
=2nBH
-----END PGP SIGNATURE-----
_______________________________________________________
Linux Mailing List - http://www.unixtech.be
Subscribe/Unsubscribe: http://www.unixtech.be/mailman/listinfo/linux
Archives: http://www.mail-archive.com/linux@;lists.unixtech.be
IRC: efnet.unixtech.be:6667 - #unixtech
