Public repo to distribute scripts and config's
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.

125 lignes
3.2 KiB

  1. # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
  2. # This is the sshd server system-wide configuration file. See
  3. # sshd_config(5) for more information.
  4. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  5. # The strategy used for options in the default sshd_config shipped with
  6. # OpenSSH is to specify options with their default value where
  7. # possible, but leave them commented. Uncommented options override the
  8. # default value.
  9. Include /etc/ssh/sshd_config.d/*.conf
  10. Port 34022
  11. #AddressFamily any
  12. #ListenAddress 0.0.0.0
  13. #ListenAddress ::
  14. #HostKey /etc/ssh/ssh_host_rsa_key
  15. #HostKey /etc/ssh/ssh_host_ecdsa_key
  16. #HostKey /etc/ssh/ssh_host_ed25519_key
  17. # Ciphers and keying
  18. #RekeyLimit default none
  19. # Logging
  20. #SyslogFacility AUTH
  21. #LogLevel INFO
  22. # Authentication:
  23. LoginGraceTime 60
  24. PermitRootLogin no
  25. #StrictModes yes
  26. #MaxAuthTries 6
  27. #MaxSessions 10
  28. #PubkeyAuthentication yes
  29. # Expect .ssh/authorized_keys2 to be disregarded by default in future.
  30. #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
  31. #AuthorizedPrincipalsFile none
  32. #AuthorizedKeysCommand none
  33. #AuthorizedKeysCommandUser nobody
  34. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  35. #HostbasedAuthentication no
  36. # Change to yes if you don't trust ~/.ssh/known_hosts for
  37. # HostbasedAuthentication
  38. #IgnoreUserKnownHosts no
  39. # Don't read the user's ~/.rhosts and ~/.shosts files
  40. #IgnoreRhosts yes
  41. # To disable tunneled clear text passwords, change to no here!
  42. PasswordAuthentication no
  43. PermitEmptyPasswords no
  44. # Change to yes to enable challenge-response passwords (beware issues with
  45. # some PAM modules and threads)
  46. ChallengeResponseAuthentication no
  47. # Kerberos options
  48. #KerberosAuthentication no
  49. #KerberosOrLocalPasswd yes
  50. #KerberosTicketCleanup yes
  51. #KerberosGetAFSToken no
  52. # GSSAPI options
  53. #GSSAPIAuthentication no
  54. #GSSAPICleanupCredentials yes
  55. #GSSAPIStrictAcceptorCheck yes
  56. #GSSAPIKeyExchange no
  57. # Set this to 'yes' to enable PAM authentication, account processing,
  58. # and session processing. If this is enabled, PAM authentication will
  59. # be allowed through the ChallengeResponseAuthentication and
  60. # PasswordAuthentication. Depending on your PAM configuration,
  61. # PAM authentication via ChallengeResponseAuthentication may bypass
  62. # the setting of "PermitRootLogin without-password".
  63. # If you just want the PAM account and session checks to run without
  64. # PAM authentication, then enable this but set PasswordAuthentication
  65. # and ChallengeResponseAuthentication to 'no'.
  66. UsePAM yes
  67. #AllowAgentForwarding yes
  68. #AllowTcpForwarding yes
  69. #GatewayPorts no
  70. X11Forwarding no
  71. #X11DisplayOffset 10
  72. #X11UseLocalhost yes
  73. #PermitTTY yes
  74. PrintMotd no
  75. #PrintLastLog yes
  76. #TCPKeepAlive yes
  77. #PermitUserEnvironment no
  78. #Compression delayed
  79. #ClientAliveInterval 0
  80. #ClientAliveCountMax 3
  81. #UseDNS no
  82. #PidFile /var/run/sshd.pid
  83. #MaxStartups 10:30:100
  84. #PermitTunnel no
  85. #ChrootDirectory none
  86. #VersionAddendum none
  87. # no default banner path
  88. #Banner none
  89. # Allow client to pass locale environment variables
  90. AcceptEnv LANG LC_*
  91. # override default of no subsystems
  92. Subsystem sftp /usr/lib/openssh/sftp-server
  93. # Example of overriding settings on a per-user basis
  94. #Match User anoncvs
  95. # X11Forwarding no
  96. # AllowTcpForwarding no
  97. # PermitTTY no
  98. # ForceCommand cvs server
  99. #PasswordAuthentication yes