* in /etc/ssh/sshd_config:
** disable the DSA hostkey, so that it only does RSA
-** remove old host keys: <BR>{{{
- cd /etc/ssh/ && rm ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub
-}}}
+** remove old host keys:
** disable X11 forwarding
** Tell it to use alternate authorized_keys locations
-{{{
- | HostKey /etc/ssh/ssh_host_rsa_key
- | X11Forwarding no
- | AuthorizedKeysFile /etc/ssh/userkeys/%u
- | AuthorizedKeysFile2 /var/lib/misc/userkeys/%u
-
- vi /etc/ssh/sshd_config
+** maybe link root's auth key there:
+{{{
+ #| HostKey /etc/ssh/ssh_host_rsa_key
+ #| X11Forwarding no
+ #| AuthorizedKeysFile /etc/ssh/userkeys/%u
+ #| AuthorizedKeysFile2 /var/lib/misc/userkeys/%u
+
+ cd /etc/ssh/ && rm -f ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub &&
+ mkdir -p /etc/ssh/userkeys && ln -s /root/.ssh/authorized_keys /etc/ssh/userkeys/root &&
+ sed -e -i 's/^HostKey.*_dsa_key/# &/;
+ s/^X11Forwarding yes/X11Forwarding no/;
+ $ a AuthorizedKeysFile /etc/ssh/userkeys/%u
+ $ a AuthorizedKeysFile2 /var/lib/misc/userkeys/%u' sshd_config &&
(cd / && env -i /etc/init.d/ssh restart)
}}}
- * maybe link root's auth key there:
-{{{
- mkdir -p /etc/ssh/userkeys && ln -s /root/.ssh/authorized_keys /etc/ssh/userkeys/root
-}}}
* install userdir-ldap