[Savannah-cvs] [309] SavannahHosts: (MaxAuthTries, AcceptEnv) Update ssh


From: bob
Subject: [Savannah-cvs] [309] SavannahHosts: (MaxAuthTries, AcceptEnv) Update sshd configuration.
Date: Mon, 6 Feb 2017 18:13:07 -0500 (EST)

Revision: 309
          http://svn.sv.gnu.org/viewvc/?view=rev&root=administration&revision=309
Author:   rwp
Date:     2017-02-06 18:10:58 -0500 (Mon, 06 Feb 2017)
Log Message:
-----------
SavannahHosts: (MaxAuthTries,AcceptEnv) Update sshd configuration.

Modified Paths:
--------------
    trunk/sviki/SavannahHosts.mdwn

Modified: trunk/sviki/SavannahHosts.mdwn
===================================================================
--- trunk/sviki/SavannahHosts.mdwn      2017-01-10 22:09:40 UTC (rev 308)
+++ trunk/sviki/SavannahHosts.mdwn      2017-02-06 23:10:58 UTC (rev 309)
@@ -711,13 +711,26 @@
 to the registered user email instead of the at savannah.gnu.org
 address.)
 
-FIXME: Fix configuration of libpam for:
-2016 Sep 22 14:30:02 vcs0 PAM service(sshd) ignoring max retries; 6 > 3
-2016 Sep 22 14:43:14 vcs0 PAM service(sshd) ignoring max retries; 6 > 3
-2016 Sep 23 08:26:52 vcs0 fatal: Read from socket failed: Connection reset by 
peer [preauth]
-2016 Sep 24 02:40:23 vcs0 fatal: Read from socket failed: Connection reset by 
peer [preauth]
-Both wall obnoxiously.
+The Trisquel PAM configuration sets max retries at 3 while ssh by
+default uses 6.  This causes a config where pam will start warning
+about excess attempts when ssh should be reacting to the status passed
+through pam.  The fix seems to be a newer ssh but we are on the
+Trisquel LTS security stream.  A workaround is to tell ssh to limit
+the number of retries.
 
+    File /etc/ssh/sshd_config
+    # Prevent endless of these messages being logged.
+    #   2017 Jan 14 21:52:48 vcs0 PAM service(sshd) ignoring max retries; 6 > 3
+    MaxAuthTries 3
+
+Prevent ssh from passing through LANG and LC_* so as to avoid
+ungenerated locales on the local server from being seen by the perl
+script sv_membersh script used for access control.
+
+    File /etc/ssh/sshd_config
+    AcceptEnv LANG LC_*
+
+
 ### Subsystem Rsync
 
 All of the version control services use rsync to make raw copies of
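
Review bot: The `AcceptEnv LANG LC_*` line in the second `File /etc/ssh/sshd_config` block contradicts the paragraph directly above it. `AcceptEnv` is the sshd directive that allows the listed client environment variables into the session, so a line reading `AcceptEnv LANG LC_*` is what passes LANG and LC_* through to sv_membersh, not what prevents it. If the intent is that this line be removed or commented out, show it that way (for example `#AcceptEnv LANG LC_*`) or state explicitly that the line is to be deleted, so a reader copying the snippet does not end up with the opposite of the documented behaviour. Two wording nits in the added text: "Prevent endless of these messages being logged" is missing a noun, and "the perl script sv_membersh script" repeats "script".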



