Bugzilla – Attachment 2172 Details for Bug 1846
wishlist: [PATCH] sshd_config - reformat for easier reading
Patch to reformat sshd_config (CVS 2012-07-06 03:45:01)
0001-sshd_config-Reformat-configuration-in-sections.patch (text/plain), 6.84 KB, created by Jari Aalto on 2012-07-07 16:17:40 AEST
>From d771bdae5ba3ab954b449e70aa1f28a19d36c340 Mon Sep 17 00:00:00 2001 >From: Jari Aalto <jari.aalto@cante.net> >Date: Sat, 7 Jul 2012 09:13:10 +0300 >Subject: [PATCH] sshd_config: Reformat configuration in sections >Organization: Private >Content-Type: text/plain; charset="utf-8" >Content-Transfer-Encoding: 8bit > >Signed-off-by: Jari Aalto <jari.aalto@cante.net> >--- > sshd_config | 118 +++++++++++++++++++++++++++++++++++++---------------------- > 1 file changed, 74 insertions(+), 44 deletions(-) > >diff --git a/sshd_config b/sshd_config >index ec3ca2a..77c31e8 100644 >--- a/sshd_config >+++ b/sshd_config 
>@@ -1,40 +1,49 @@ > # $OpenBSD: sshd_config,v 1.86 2012/04/12 02:43:55 djm Exp $ >- >-# This is the sshd server system-wide configuration file. See >-# sshd_config(5) for more information. >- >-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin >- >-# The strategy used for options in the default sshd_config shipped with >-# OpenSSH is to specify options with their default value where >-# possible, but leave them commented. Uncommented options override the >-# default value. >+# >+# This is the sshd server system-wide configuration file. See >+# sshd_config(5) for more information. >+# >+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin >+# The strategy used for options in the default sshd_config >+# shipped with OpenSSH is to specify options with their default >+# value where possible, but leave them commented. Uncommented >+# options change a default value. >+ >+############################################################################ >+# General >+############################################################################ > > #Port 22 > #AddressFamily any > #ListenAddress 0.0.0.0 > #ListenAddress :: > >-# The default requires explicit activation of protocol 1 >+# The default requires explicit activation of protocol 1 > #Protocol 2 > >-# HostKey for protocol version 1 >+# HostKey for protocol version 1 > #HostKey /etc/ssh/ssh_host_key >-# HostKeys for protocol version 2 >+ >+# HostKeys for protocol version 2 > #HostKey /etc/ssh/ssh_host_rsa_key > #HostKey /etc/ssh/ssh_host_dsa_key > #HostKey /etc/ssh/ssh_host_ecdsa_key > >-# Lifetime and size of ephemeral version 1 server key >+# Lifetime and size of ephemeral version 1 server key > #KeyRegenerationInterval 1h > #ServerKeyBits 1024 > >-# Logging >-# obsoletes QuietMode and FascistLogging >+############################################################################ >+# Logging >+############################################################################ >+ >+# obsoletes QuietMode 
and FascistLogging > #SyslogFacility AUTH > #LogLevel INFO > >-# Authentication: >+############################################################################ >+# Authentication >+############################################################################ > > #LoginGraceTime 2m > #PermitRootLogin yes 
>@@ -45,48 +54,57 @@ > #RSAAuthentication yes > #PubkeyAuthentication yes > >-# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 >-# but this is overridden so installations will only check .ssh/authorized_keys >+# The default is to check both .ssh/authorized_keys and >+# .ssh/authorized_keys2 but this is overridden so installations >+# will only check .ssh/authorized_keys > AuthorizedKeysFile .ssh/authorized_keys > > #AuthorizedPrincipalsFile none > >-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts >+# For this to work you will also need host keys in >+# /etc/ssh/ssh_known_hosts > #RhostsRSAAuthentication no >-# similar for protocol version 2 >+ >+# similar for protocol version 2 > #HostbasedAuthentication no >-# Change to yes if you don't trust ~/.ssh/known_hosts for >-# RhostsRSAAuthentication and HostbasedAuthentication >+ >+# Change to yes if you don't trust ~/.ssh/known_hosts for >+# RhostsRSAAuthentication and HostbasedAuthentication > #IgnoreUserKnownHosts no >-# Don't read the user's ~/.rhosts and ~/.shosts files >+ >+# Don't read the user's ~/.rhosts and ~/.shosts files > #IgnoreRhosts yes > >-# To disable tunneled clear text passwords, change to no here! >+# To disable tunneled clear text passwords, change to no here! > #PasswordAuthentication yes > #PermitEmptyPasswords no > >-# Change to no to disable s/key passwords >+# Change to no to disable s/key passwords > #ChallengeResponseAuthentication yes > >-# Kerberos options >+# Kerberos options > #KerberosAuthentication no > #KerberosOrLocalPasswd yes > #KerberosTicketCleanup yes > #KerberosGetAFSToken no > >-# GSSAPI options >+# GSSAPI options > #GSSAPIAuthentication no > #GSSAPICleanupCredentials yes > >-# Set this to 'yes' to enable PAM authentication, account processing, >-# and session processing. If this is enabled, PAM authentication will >-# be allowed through the ChallengeResponseAuthentication and >-# PasswordAuthentication. 
Depending on your PAM configuration, >-# PAM authentication via ChallengeResponseAuthentication may bypass >-# the setting of "PermitRootLogin without-password". >-# If you just want the PAM account and session checks to run without >-# PAM authentication, then enable this but set PasswordAuthentication >-# and ChallengeResponseAuthentication to 'no'. >+############################################################################ >+# Miscellaneous >+############################################################################ >+ >+# Set this to 'yes' to enable PAM authentication, account processing, >+# and session processing. If this is enabled, PAM authentication will >+# be allowed through the ChallengeResponseAuthentication and >+# PasswordAuthentication. Depending on your PAM configuration, >+# PAM authentication via ChallengeResponseAuthentication may bypass >+# the setting of "PermitRootLogin without-password". >+# If you just want the PAM account and session checks to run without >+# PAM authentication, then enable this but set PasswordAuthentication >+# and ChallengeResponseAuthentication to 'no'. > #UsePAM no > > #AllowAgentForwarding yes 
>@@ -111,14 +129,26 @@ AuthorizedKeysFile .ssh/authorized_keys > #ChrootDirectory none > #VersionAddendum none > >-# no default banner path >+# No default banner path > #Banner none > >-# override default of no subsystems >-Subsystem sftp /usr/libexec/sftp-server >+# Override default of no subsystems >+Subsystem sftp /usr/libexec/sftp-server >+ >+############################################################################ >+# Examples >+############################################################################ >+ >+# Example of overriding settings on a per-user basis > >-# Example of overriding settings on a per-user basis > #Match User anoncvs >-# X11Forwarding no >-# AllowTcpForwarding no >-# ForceCommand cvs server >+# X11Forwarding no >+# AllowTcpForwarding no >+# ForceCommand cvs server >+ >+# Example of permitting root login only from local LAN >+ >+#Match Address 192.168.1.0/26 >+# PermitRootLogin yes >+ >+# End of file >-- >1.7.10.4 >
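Review bot: In the first hunk (@@ -1,40 +1,49 @@) the header rewrite changes wording as well as layout, which a patch submitted as a reformat should not do. "Uncommented options override the default value" becomes "Uncommented options change a default value"; please keep the original sentence. The blank line between the "This sshd was compiled with PATH=..." line and "The strategy used for options..." is also dropped, so two unrelated statements now read as one paragraph; a bare "#" line between them, as used after the sshd_config(5) reference, would keep them apart.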
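Review bot: In the second hunk (@@ -45,48 +54,57 @@) the new "Miscellaneous" banner is inserted above the UsePAM comment block, but that block is about authentication: it warns that PAM authentication via ChallengeResponseAuthentication may bypass the setting of "PermitRootLogin without-password". Filing it under Miscellaneous moves a root-login caveat out of the Authentication section, where an administrator reviewing login settings would look for it. Suggest placing the banner after "#UsePAM no", immediately before "#AllowAgentForwarding yes".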
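Review bot: In the third hunk (@@ -111,14 +129,26 @@) the "#Match Address 192.168.1.0/26" / "# PermitRootLogin yes" example is new content rather than a reformat, and belongs in a separate patch with its own rationale. As written it is also misleading: the Authentication section of this same file lists "#PermitRootLogin yes" as the default, so the block changes nothing unless the global setting is first set to no, and the example does not say so. The comment says "local LAN", while a /26 on 192.168.1.0 covers only 192.168.1.0 through 192.168.1.63; either state that range in the comment or use a prefix that matches it. If the example is kept, "without-password", which the UsePAM comment already mentions, is a safer value to show than "yes".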
Attachments on bug 1846: 1978 | 2172