Attachment 3376 Details for Bug 3148 – /etc/ssh/sshd_config

/etc/ssh/sshd_config

sshd_config (text/plain), 3.17 KB, created by Anderson Medeiros Gomes on 2020-04-14 17:25:36 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Anderson Medeiros Gomes

Created: 2020-04-14 17:25:36 AEST

Size: 3.17 KB

patch

obsolete

>#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
>
># This is the sshd server system-wide configuration file.  See
># sshd_config(5) for more information.
>
># This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
>
># The strategy used for options in the default sshd_config shipped with
># OpenSSH is to specify options with their default value where
># possible, but leave them commented.  Uncommented options override the
># default value.
>
>#Port 22
>#AddressFamily any
>#ListenAddress 0.0.0.0
>#ListenAddress ::
>
>#HostKey /etc/ssh/ssh_host_rsa_key
>#HostKey /etc/ssh/ssh_host_ecdsa_key
>#HostKey /etc/ssh/ssh_host_ed25519_key
>
># Ciphers and keying
>#RekeyLimit default none
>
># Logging
>#SyslogFacility AUTH
>#LogLevel INFO
>
># Authentication:
>
>#LoginGraceTime 2m
>PermitRootLogin yes
>#StrictModes yes
>#MaxAuthTries 6
>#MaxSessions 10
>
>PubkeyAuthentication yes
>
># The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
># but this is overridden so installations will only check .ssh/authorized_keys
>AuthorizedKeysFile	.ssh/authorized_keys
>
>#AuthorizedPrincipalsFile none
>
>#AuthorizedKeysCommand none
>#AuthorizedKeysCommandUser nobody
>
># For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
>HostbasedAuthentication yes
># Change to yes if you don't trust ~/.ssh/known_hosts for
># HostbasedAuthentication
>IgnoreUserKnownHosts yes
># Don't read the user's ~/.rhosts and ~/.shosts files
>IgnoreRhosts yes
>
>AuthenticationMethods hostbased,publickey hostbased,keyboard-interactive hostbased,password
>HostbasedUsesNameFromPacketOnly yes
>
># To disable tunneled clear text passwords, change to no here!
>PasswordAuthentication yes
>PermitEmptyPasswords no
>
># Change to no to disable s/key passwords
>ChallengeResponseAuthentication no
>
># Kerberos options
>#KerberosAuthentication no
>#KerberosOrLocalPasswd yes
>#KerberosTicketCleanup yes
>#KerberosGetAFSToken no
>
># GSSAPI options
>#GSSAPIAuthentication no
>#GSSAPICleanupCredentials yes
>
># Set this to 'yes' to enable PAM authentication, account processing,
># and session processing. If this is enabled, PAM authentication will
># be allowed through the ChallengeResponseAuthentication and
># PasswordAuthentication.  Depending on your PAM configuration,
># PAM authentication via ChallengeResponseAuthentication may bypass
># the setting of "PermitRootLogin without-password".
># If you just want the PAM account and session checks to run without
># PAM authentication, then enable this but set PasswordAuthentication
># and ChallengeResponseAuthentication to 'no'.
>UsePAM yes
>
>#AllowAgentForwarding yes
>#AllowTcpForwarding yes
>#GatewayPorts no
>#X11Forwarding no
>#X11DisplayOffset 10
>#X11UseLocalhost yes
>#PermitTTY yes
>PrintMotd no # pam does that
>#PrintLastLog yes
>#TCPKeepAlive yes
>#PermitUserEnvironment no
>#Compression delayed
>#ClientAliveInterval 0
>#ClientAliveCountMax 3
>UseDNS no
>#PidFile /run/sshd.pid
>#MaxStartups 10:30:100
>#PermitTunnel no
>#ChrootDirectory none
>#VersionAddendum none
>
># no default banner path
>#Banner none
>
># override default of no subsystems
>Subsystem	sftp	/usr/lib/ssh/sftp-server
>
># Example of overriding settings on a per-user basis
>#Match User anoncvs
>#	X11Forwarding no
>#	AllowTcpForwarding no
>#	PermitTTY no
>#	ForceCommand cvs server

Actions: View

Attachments on bug 3148: 3376 | 3377 | 3378 | 3379 | 3380 | 3381