[Savannah-cvs] [309] SavannahHosts: (MaxAuthTries, AcceptEnv) Update ssh
From: bob
Subject: [Savannah-cvs] [309] SavannahHosts: (MaxAuthTries, AcceptEnv) Update sshd configuration.
Date: Mon, 6 Feb 2017 18:13:07 -0500 (EST)
Revision: 309
http://svn.sv.gnu.org/viewvc/?view=rev&root=administration&revision=309
Author: rwp
Date: 2017-02-06 18:10:58 -0500 (Mon, 06 Feb 2017)
Log Message:
-----------
SavannahHosts: (MaxAuthTries,AcceptEnv) Update sshd configuration.
Modified Paths:
--------------
trunk/sviki/SavannahHosts.mdwn
Modified: trunk/sviki/SavannahHosts.mdwn
===================================================================
--- trunk/sviki/SavannahHosts.mdwn 2017-01-10 22:09:40 UTC (rev 308)
+++ trunk/sviki/SavannahHosts.mdwn 2017-02-06 23:10:58 UTC (rev 309)
@@ -711,13 +711,26 @@
to the registered user email instead of the at savannah.gnu.org
address.)
-FIXME: Fix configuration of libpam for:
-2016 Sep 22 14:30:02 vcs0 PAM service(sshd) ignoring max retries; 6 > 3
-2016 Sep 22 14:43:14 vcs0 PAM service(sshd) ignoring max retries; 6 > 3
-2016 Sep 23 08:26:52 vcs0 fatal: Read from socket failed: Connection reset by
peer [preauth]
-2016 Sep 24 02:40:23 vcs0 fatal: Read from socket failed: Connection reset by
peer [preauth]
-Both wall obnoxiously.
+The Trisquel PAM configuration sets max retries at 3 while ssh by
+default uses 6. This causes a config where pam will start warning
+about excess attempts when ssh should be reacting to the status passed
+through pam. The fix seems to be a newer ssh but we are on the
+Trisquel LTS security stream. A workaround is to tell ssh to limit
+the number of retries.
+ File /etc/ssh/sshd_config
+ # Prevent endless of these messages being logged.
+ # 2017 Jan 14 21:52:48 vcs0 PAM service(sshd) ignoring max retries; 6 > 3
+ MaxAuthTries 3
+
+Prevent ssh from passing through LANG and LC_* so as to avoid
+ungenerated locales on the local server from being seen by the perl
+script sv_membersh script used for access control.
+
+ File /etc/ssh/sshd_config
+ AcceptEnv LANG LC_*
+
+
### Subsystem Rsync
All of the version control services use rsync to make raw copies of
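Review bot: The second added block says to prevent ssh from passing through LANG and LC_*, but the sshd_config line shown under it, `AcceptEnv LANG LC_*`, is the directive that makes sshd accept those variables from the client, so the documented setting does the opposite of the stated intent. If the change made on the host was to remove or comment out that line, show it that way (for example `#AcceptEnv LANG LC_*`) and say so in the sentence above it, so that an admin rebuilding a host from this page does not re-enable it. Minor wording in the same hunk: "Prevent endless of these messages being logged" is missing a noun, and "the perl script sv_membersh script" repeats "script".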