# [SOLVED] sshd_config questions

## Kvetch

I have a couple questions regarding my openssh installation.  This is a new machine so I am hardening my default settings.  My installation was compiled with the following use flags

```
USE="X* kerberos* ldap* pam tcpd -X509 -hpn -libedit (-selinux) -skey -smartcard -static (-chroot%)"
```

I am not using Kerberos nor GSSAPI so I want to disable them in the conf

```
KerberosAuthentication no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes

#KerberosGetAFSToken no

# GSSAPI options

GSSAPIAuthentication no
```

but when I restart sshd I get an error stating

```
/etc/ssh/sshd_config line 69: Unsupported option KerberosAuthentication

/etc/ssh/sshd_config line 75: Unsupported option GSSAPIAuthentication 
```

Why are these unsupported (especially kerberos since it was compiled to use it)?  Do I not have to uncomment and set to no then?

Also http://www.gentoo.org/proj/en/infrastructure/config-ssh.xml mentions an option called 

```
PAMAuthenticationViaKbdInt no

```

Has this option been removed?

thanksLast edited by Kvetch on Mon Jan 19, 2009 2:54 am; edited 1 time in total

----------

## defenderBG

can you post emerge -pv openssh?

it seems as if openssl was not compiled with kerberos installed.

----------

## Kvetch

Thanks defenderBG.  Not sure what the issue was but I emerged upgraded openssh, it pulled down no dependencies, ran revdep-rebuild and everything corrected itself.

----------

