[Savannah-cvs] [311] SavannahHosts: (MaxAuthTries, AcceptEnv) Same update


From: bob
Subject: [Savannah-cvs] [311] SavannahHosts: (MaxAuthTries, AcceptEnv) Same update for other VM.
Date: Mon, 6 Feb 2017 18:23:57 -0500 (EST)

Revision: 311
          
http://svn.sv.gnu.org/viewvc/?view=rev&root=administration&revision=311
Author:   rwp
Date:     2017-02-06 18:21:49 -0500 (Mon, 06 Feb 2017)
Log Message:
-----------
SavannahHosts: (MaxAuthTries,AcceptEnv) Same update for other VM.

Modified Paths:
--------------
    trunk/sviki/SavannahHosts.mdwn

Modified: trunk/sviki/SavannahHosts.mdwn
===================================================================
--- trunk/sviki/SavannahHosts.mdwn      2017-02-06 23:14:41 UTC (rev 310)
+++ trunk/sviki/SavannahHosts.mdwn      2017-02-06 23:21:49 UTC (rev 311)
@@ -1100,6 +1100,26 @@
     echo 'allow ^208\.118\.235\.77$' >> /etc/munin/munin-node.conf
     service munin-node restart
 
+The Trisquel PAM configuration sets max retries at 3 while ssh by
+default uses 6.  This causes a config where pam will start warning
+about excess attempts when ssh should be reacting to the status passed
+through pam.  The fix seems to be a newer ssh but we are on the
+Trisquel LTS security stream.  A workaround is to tell ssh to limit
+the number of retries.
+
+    File /etc/ssh/sshd_config
+    # Prevent endless of these messages being logged.
+    #   2017 Jan 14 21:52:48 vcs0 PAM service(sshd) ignoring max retries; 6 > 3
+    MaxAuthTries 3
+
+Prevent ssh from passing through LANG and LC_* so as to avoid
+ungenerated locales on the local server from being seen by the perl
+script sv_membersh script used for access control.
+
+    File /etc/ssh/sshd_config
+    #AcceptEnv LANG LC_*
+    ...sshd defaults to not accepting any environment variables
+
 TO-DO Items
 -----------
 
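Review bot: In the second added sshd_config block, the line `...sshd defaults to not accepting any environment variables` sits inside the indented config sample without a leading `#`, so it reads as file content rather than explanation; make it a comment or move it into the paragraph above the block. Neither sshd_config block says to restart or reload sshd after the edit, while the munin context lines at the top of the hunk end with `service munin-node restart`; adding the equivalent step would make the instructions complete. Minor wording: the comment "Prevent endless of these messages being logged" is missing a noun, and "the perl script sv_membersh script" repeats "script".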