1 changed files with 6 additions and 100 deletions
Unified View
Diff Options
-
+6 -100sshd_config
+ 6
- 100
sshd_config
View File
| @@ -3,122 +3,28 @@ | |||||
| # This is the sshd server system-wide configuration file. See | # This is the sshd server system-wide configuration file. See | ||||
| # sshd_config(5) for more information. | # sshd_config(5) for more information. | ||||
| # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin | |||||
| # The strategy used for options in the default sshd_config shipped with | |||||
| # OpenSSH is to specify options with their default value where | |||||
| # possible, but leave them commented. Uncommented options override the | |||||
| # default value. | |||||
| Include /etc/ssh/sshd_config.d/*.conf | Include /etc/ssh/sshd_config.d/*.conf | ||||
| Port 34022 | Port 34022 | ||||
| #AddressFamily any | |||||
| #ListenAddress 0.0.0.0 | |||||
| #ListenAddress :: | |||||
| #HostKey /etc/ssh/ssh_host_rsa_key | |||||
| #HostKey /etc/ssh/ssh_host_ecdsa_key | |||||
| #HostKey /etc/ssh/ssh_host_ed25519_key | |||||
| # Ciphers and keying | |||||
| #RekeyLimit default none | |||||
| # Logging | |||||
| #SyslogFacility AUTH | |||||
| #LogLevel INFO | |||||
| # Authentication: | # Authentication: | ||||
| LoginGraceTime 60 | LoginGraceTime 60 | ||||
| PermitRootLogin no | PermitRootLogin no | ||||
| #StrictModes yes | |||||
| #MaxAuthTries 6 | |||||
| #MaxSessions 10 | |||||
| #PubkeyAuthentication yes | |||||
| # Expect .ssh/authorized_keys2 to be disregarded by default in future. | |||||
| #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 | |||||
| MaxAuthTries 4 | |||||
| MaxSessions 10 | |||||
| #AuthorizedPrincipalsFile none | |||||
| PubkeyAuthentication yes | |||||
| #AuthorizedKeysCommand none | |||||
| #AuthorizedKeysCommandUser nobody | |||||
| # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | |||||
| #HostbasedAuthentication no | |||||
| # Change to yes if you don't trust ~/.ssh/known_hosts for | |||||
| # HostbasedAuthentication | |||||
| #IgnoreUserKnownHosts no | |||||
| # Don't read the user's ~/.rhosts and ~/.shosts files | |||||
| #IgnoreRhosts yes | |||||
| # To disable tunneled clear text passwords, change to no here! | |||||
| # Disable all password-based auth | |||||
| PasswordAuthentication no | PasswordAuthentication no | ||||
| PermitEmptyPasswords no | PermitEmptyPasswords no | ||||
| KbdInteractiveAuthentication no | |||||
| # Change to yes to enable challenge-response passwords (beware issues with | |||||
| # some PAM modules and threads) | |||||
| ChallengeResponseAuthentication no | |||||
| # Kerberos options | |||||
| #KerberosAuthentication no | |||||
| #KerberosOrLocalPasswd yes | |||||
| #KerberosTicketCleanup yes | |||||
| #KerberosGetAFSToken no | |||||
| # GSSAPI options | |||||
| #GSSAPIAuthentication no | |||||
| #GSSAPICleanupCredentials yes | |||||
| #GSSAPIStrictAcceptorCheck yes | |||||
| #GSSAPIKeyExchange no | |||||
| # Set this to 'yes' to enable PAM authentication, account processing, | |||||
| # and session processing. If this is enabled, PAM authentication will | |||||
| # be allowed through the ChallengeResponseAuthentication and | |||||
| # PasswordAuthentication. Depending on your PAM configuration, | |||||
| # PAM authentication via ChallengeResponseAuthentication may bypass | |||||
| # the setting of "PermitRootLogin without-password". | |||||
| # If you just want the PAM account and session checks to run without | |||||
| # PAM authentication, then enable this but set PasswordAuthentication | |||||
| # and ChallengeResponseAuthentication to 'no'. | |||||
| UsePAM yes | UsePAM yes | ||||
| #AllowAgentForwarding yes | |||||
| #AllowTcpForwarding yes | |||||
| #GatewayPorts no | |||||
| X11Forwarding no | X11Forwarding no | ||||
| #X11DisplayOffset 10 | |||||
| #X11UseLocalhost yes | |||||
| #PermitTTY yes | |||||
| PrintMotd no | PrintMotd no | ||||
| #PrintLastLog yes | |||||
| #TCPKeepAlive yes | |||||
| #PermitUserEnvironment no | |||||
| #Compression delayed | |||||
| #ClientAliveInterval 0 | |||||
| #ClientAliveCountMax 3 | |||||
| #UseDNS no | |||||
| #PidFile /var/run/sshd.pid | |||||
| #MaxStartups 10:30:100 | |||||
| #PermitTunnel no | |||||
| #ChrootDirectory none | |||||
| #VersionAddendum none | |||||
| # no default banner path | |||||
| #Banner none | |||||
| # Allow client to pass locale environment variables | |||||
| AcceptEnv LANG LC_* | AcceptEnv LANG LC_* | ||||
| # override default of no subsystems | |||||
| Subsystem sftp /usr/lib/openssh/sftp-server | |||||
| # Example of overriding settings on a per-user basis | |||||
| #Match User anoncvs | |||||
| # X11Forwarding no | |||||
| # AllowTcpForwarding no | |||||
| # PermitTTY no | |||||
| # ForceCommand cvs server | |||||
| #PasswordAuthentication yes | |||||
| Subsystem sftp /usr/lib/openssh/sftp-server | |||||