Hi, thanks for explaining that.
I've edited the Protocol line in /etc/ssh/ssh_config. It now reads
Protocol 2
instead of
Protocol 2,1
The result is "SSH-2.0-OpenSSH_3.7.1p2".
I've tested this with remote SSH software (PuTTY) and protocol one is denied access.
I have one other question, though, regarding your comment on PAM and version p2.
According to this article:
http://www.kb.cert.org/vuls/id/602204
p2 was the fix for the PAM issue?
Or was there another, later issue with PAM and p2?
This is a section from my sshd_config.
As I understand it, uncommented lines are the default values,
except for the last section on PAM enabling and thus disabling PasswordAuthentication.
Does this look to be secure?
# Authentication:
#LoginGraceTime 600
PermitRootLogin no
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
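
An added example, not part of the original post: a small Python check that reads an sshd_config fragment like the one above, keeps only the lines that are not commented out, and compares them with the server's identification string (per RFC 4253, "SSH-1.99" means both protocol 1 and 2 are offered). The function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample in the style of the sshd_config fragment quoted above.
SAMPLE_CONFIG = """\
Protocol 2
PermitRootLogin no
#PasswordAuthentication yes
#PAMAuthenticationViaKbdInt yes
"""

def explicit_settings(text):
    """Map lowercased keyword -> value for lines that are not commented out.
    Keywords are case-insensitive and sshd keeps the first value it reads."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def banner_protocols(banner):
    """Protocol versions offered by an identification string.
    RFC 4253: 'SSH-1.99' means the server speaks both 1 and 2."""
    m = re.match(r"SSH-(\d+)\.(\d+)-\S+", banner.strip())
    if not m:
        raise ValueError("not an SSH identification string")
    if m.group(1) == "1":
        return {1, 2} if m.group(2) == "99" else {1}
    return {int(m.group(1))}

def review(config_text, banner):
    """Return a list of findings; empty means none of the checks fired."""
    cfg, findings = explicit_settings(config_text), []
    protocol = cfg.get("protocol")
    if protocol is None:
        findings.append("Protocol is not set explicitly; the built-in default applies")
    elif "1" in re.split(r"\s*,\s*", protocol):
        findings.append("Protocol line still allows version 1")
    elif 1 in banner_protocols(banner):
        findings.append("banner offers protocol 1 although the file says 2 only; "
                        "is the running sshd reading this file?")
    if cfg.get("permitrootlogin") != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    if (cfg.get("passwordauthentication") == "no"
            and cfg.get("pamauthenticationviakbdint") == "yes"):
        findings.append("PAMAuthenticationViaKbdInt yes may bypass "
                        "PasswordAuthentication no (per the file's own warning)")
    return findings
```

Calling `review(SAMPLE_CONFIG, "SSH-2.0-OpenSSH_3.7.1p2")` returns an empty list; a banner that still begins with "SSH-1.99" after the edit points to a daemon that was not restarted or that reads a different file.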