Bugzilla – Attachment 1978 Details for Bug 1846
wishlist: [PATCH] sshd_config - reformat for easier reading
[patch] Patch to reformat sshd_config
0001-sshd_config-Reformat-configuration-in-sections.patch (text/plain), 6.91 KB, created by Jari Aalto on 2010-12-22 00:00:58 AEDT
>From 3f8fdb953739ae5cbab4f3ffdd73c3be14829042 Mon Sep 17 00:00:00 2001 >From: Jari Aalto <jari.aalto@cante.net> >Date: Tue, 21 Dec 2010 14:52:55 +0200 >Subject: [PATCH] sshd_config: Reformat configuration in sections. >Organization: Private >Content-Type: text/plain; charset="utf-8" >Content-Transfer-Encoding: 8bit > >Add section breaks to help finding visual cues. Indent standard text >to column 8 (position of tab) and leave configuration examples to the left. >Add new example: how to restrict root login only inside local LAN. > >Signed-off-by: Jari Aalto <jari.aalto@cante.net> >--- > sshd_config | 120 ++++++++++++++++++++++++++++++++++++----------------------- > 1 files changed, 73 insertions(+), 47 deletions(-) > >diff --git a/sshd_config b/sshd_config >index 4534841..b8a4c07 100644 >--- a/sshd_config >+++ b/sshd_config 
>@@ -1,87 +1,103 @@ >-# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ >- >-# This is the sshd server system-wide configuration file. See >-# sshd_config(5) for more information. >- >-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin >- >-# The strategy used for options in the default sshd_config shipped with >-# OpenSSH is to specify options with their default value where >-# possible, but leave them commented. Uncommented options change a >-# default value. >- >-#Port 22 >+# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ >+# >+# This is the sshd server system-wide configuration file. See >+# sshd_config(5) for more information. >+# >+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin >+# The strategy used for options in the default sshd_config >+# shipped with OpenSSH is to specify options with their default >+# value where possible, but leave them commented. Uncommented >+# options change a default value. >+ >+############################################################################ >+# General >+############################################################################ >+ >+# Port 22 > #AddressFamily any > #ListenAddress 0.0.0.0 > #ListenAddress :: > >-# The default requires explicit activation of protocol 1 >+# The default requires explicit activation of protocol 1 > #Protocol 2 > >-# HostKey for protocol version 1 >+# HostKey for protocol version 1 > #HostKey /etc/ssh/ssh_host_key >-# HostKeys for protocol version 2 >+ >+# HostKeys for protocol version 2 > #HostKey /etc/ssh/ssh_host_rsa_key > #HostKey /etc/ssh/ssh_host_dsa_key > #HostKey /etc/ssh/ssh_host_ecdsa_key > >-# Lifetime and size of ephemeral version 1 server key >+# Lifetime and size of ephemeral version 1 server key > #KeyRegenerationInterval 1h > #ServerKeyBits 1024 > >-# Logging >-# obsoletes QuietMode and FascistLogging >+############################################################################ >+# Logging 
>+############################################################################ >+ >+# obsoletes QuietMode and FascistLogging > #SyslogFacility AUTH > #LogLevel INFO > >-# Authentication: >+############################################################################ >+# Authentication >+############################################################################ > > #LoginGraceTime 2m > #PermitRootLogin yes > #StrictModes yes > #MaxAuthTries 6 > #MaxSessions 10 >- > #RSAAuthentication yes > #PubkeyAuthentication yes >-#AuthorizedKeysFile .ssh/authorized_keys >+#AuthorizedKeysFile .ssh/authorized_keys > >-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts >+# For this to work you will also need host keys in >+# /etc/ssh/ssh_known_hosts > #RhostsRSAAuthentication no >-# similar for protocol version 2 >+ >+# similar for protocol version 2 > #HostbasedAuthentication no >-# Change to yes if you don't trust ~/.ssh/known_hosts for >-# RhostsRSAAuthentication and HostbasedAuthentication >+ >+# Change to yes if you don't trust ~/.ssh/known_hosts for >+# RhostsRSAAuthentication and HostbasedAuthentication > #IgnoreUserKnownHosts no >-# Don't read the user's ~/.rhosts and ~/.shosts files >+ >+# Don't read the user's ~/.rhosts and ~/.shosts files > #IgnoreRhosts yes > >-# To disable tunneled clear text passwords, change to no here! >+# To disable tunneled clear text passwords, change to no here! > #PasswordAuthentication yes > #PermitEmptyPasswords no > >-# Change to no to disable s/key passwords >+# Change to no to disable s/key passwords > #ChallengeResponseAuthentication yes > >-# Kerberos options >+# Kerberos options > #KerberosAuthentication no > #KerberosOrLocalPasswd yes > #KerberosTicketCleanup yes > #KerberosGetAFSToken no > >-# GSSAPI options >+# GSSAPI options > #GSSAPIAuthentication no > #GSSAPICleanupCredentials yes > >-# Set this to 'yes' to enable PAM authentication, account processing, >-# and session processing. 
If this is enabled, PAM authentication will >-# be allowed through the ChallengeResponseAuthentication and >-# PasswordAuthentication. Depending on your PAM configuration, >-# PAM authentication via ChallengeResponseAuthentication may bypass >-# the setting of "PermitRootLogin without-password". >-# If you just want the PAM account and session checks to run without >-# PAM authentication, then enable this but set PasswordAuthentication >-# and ChallengeResponseAuthentication to 'no'. >+############################################################################ >+# Miscellaneous >+############################################################################ >+ >+# Set this to 'yes' to enable PAM authentication, account processing, >+# and session processing. If this is enabled, PAM authentication will >+# be allowed through the ChallengeResponseAuthentication and >+# PasswordAuthentication. Depending on your PAM configuration, >+# PAM authentication via ChallengeResponseAuthentication may bypass >+# the setting of "PermitRootLogin without-password". >+# If you just want the PAM account and session checks to run without >+# PAM authentication, then enable this but set PasswordAuthentication >+# and ChallengeResponseAuthentication to 'no'. > #UsePAM no > > #AllowAgentForwarding yes 
>@@ -105,14 +121,24 @@ > #PermitTunnel no > #ChrootDirectory none > >-# no default banner path >+# No default banner path > #Banner none > >-# override default of no subsystems >-Subsystem sftp /usr/libexec/sftp-server >+# Override default of no subsystems >+Subsystem sftp /usr/libexec/sftp-server > >-# Example of overriding settings on a per-user basis >+############################################################################ >+# Examples >+############################################################################ >+ >+# Example of overriding settings on a per-user basis > #Match User anoncvs >-# X11Forwarding no >-# AllowTcpForwarding no >-# ForceCommand cvs server >+# X11Forwarding no >+# AllowTcpForwarding no >+# ForceCommand cvs server >+ >+# Example of permitting root login only from local LAN >+#Match Address 192.168.1.0/26 >+# PermitRootLogin yes >+ >+# End of file >-- >1.7.2.3 >
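Review bot: In the "@@ -1,87 +1,103 @@" hunk, "#Port 22" becomes "# Port 22", which goes against the convention the commit message sets out (explanatory text indented, configuration examples left at the margin); every other commented-out option in the hunk, such as "#AddressFamily any", keeps no space after the "#". Keep it as "#Port 22" so it can be enabled by deleting one character like the rest. Separately, the PAM comment block and "#UsePAM no" end up under the new "Miscellaneous" header although the text is about authentication and how it interacts with "PermitRootLogin without-password"; moving the "Miscellaneous" header below "#UsePAM no" would keep that warning inside the Authentication section where a reader hardening logins will look for it.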
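Review bot: The new "Match Address 192.168.1.0/26" example at the end of the "@@ -105,14 +121,24 @@" hunk does not restrict anything as written: the global default shown earlier in the file is "#PermitRootLogin yes", so the Match block only grants what every address already has. The example comment should state that "PermitRootLogin no" has to be set in the global section for the Match override to give the LAN-only behaviour the commit message describes. Also, /26 covers only 192.168.1.0 through 192.168.1.63; if a whole 192.168.1.x LAN is meant, /24 would be the expected mask, or the comment should say the range is only illustrative.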