Bugzilla – Attachment 3633 Details for
Bug 3507
Cannot get host-based authentication to work
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
server configuration
sshd_config (text/plain), 3.68 KB, created by
Thomas Koeller
on 2022-12-08 05:36:13 AEDT
(
hide
)
Description:
server configuration
Filename:
MIME Type:
Creator:
Thomas Koeller
Created:
2022-12-08 05:36:13 AEDT
Size:
3.68 KB
patch
obsolete
># $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ > ># This is the sshd server system-wide configuration file. See ># sshd_config(5) for more information. > ># This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin > ># The strategy used for options in the default sshd_config shipped with ># OpenSSH is to specify options with their default value where ># possible, but leave them commented. Uncommented options override the ># default value. > ># To modify the system-wide sshd configuration, create a *.conf file under ># /etc/ssh/sshd_config.d/ which will be automatically included below >Include /usr/local/etc/ssh/sshd_config.d/*.conf > ># If you want to change the port on a SELinux system, you have to tell ># SELinux about this change. ># semanage port -a -t ssh_port_t -p tcp #PORTNUMBER ># >#Port 22 >#AddressFamily any >#ListenAddress 127.0.0.1:22 >#ListenAddress [::1]:22 >ListenAddress 192.168.0.1:22 >ListenAddress [fd46:1ffa:d8e0::1]:22 > >HostKey /usr/local/etc/ssh/ssh_host_ed25519_key > >HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com > ># Ciphers and keying >#RekeyLimit default none > ># Logging >#SyslogFacility AUTH >LogLevel DEBUG > ># Authentication: > >#LoginGraceTime 2m >#PermitRootLogin prohibit-password >#StrictModes yes >#MaxAuthTries 6 >#MaxSessions 10 >#DenyUsers * > >#PubkeyAuthentication yes > ># The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 ># but this is overridden so installations will only check .ssh/authorized_keys >AuthorizedKeysFile .ssh/authorized_keys > >#AuthorizedPrincipalsFile none > >#AuthorizedKeysCommand none >#AuthorizedKeysCommandUser nobody > ># For this to work you will also need host keys in /etc/ssh/ssh_known_hosts >HostbasedAuthentication yes ># Change to yes if you don't trust ~/.ssh/known_hosts for ># HostbasedAuthentication >IgnoreUserKnownHosts yes ># Don't read the user's ~/.rhosts and ~/.shosts files >IgnoreRhosts yes > ># To disable tunneled clear text passwords, change to no here! >PasswordAuthentication no >#PermitEmptyPasswords no > ># Change to no to disable s/key passwords >KbdInteractiveAuthentication no > ># Kerberos options >#KerberosAuthentication no >#KerberosOrLocalPasswd yes >#KerberosTicketCleanup yes >#KerberosGetAFSToken no >#KerberosUseKuserok yes > ># GSSAPI options >#GSSAPIAuthentication no >#GSSAPICleanupCredentials yes >#GSSAPIStrictAcceptorCheck yes >#GSSAPIKeyExchange no >#GSSAPIEnablek5users no > ># Set this to 'yes' to enable PAM authentication, account processing, ># and session processing. If this is enabled, PAM authentication will ># be allowed through the KbdInteractiveAuthentication and ># PasswordAuthentication. Depending on your PAM configuration, ># PAM authentication via KbdInteractiveAuthentication may bypass ># the setting of "PermitRootLogin without-password". ># If you just want the PAM account and session checks to run without ># PAM authentication, then enable this but set PasswordAuthentication ># and KbdInteractiveAuthentication to 'no'. ># WARNING: 'UsePAM no' is not supported in Fedora and may cause several ># problems. >UsePAM yes > >#AllowAgentForwarding yes >#AllowTcpForwarding yes >#GatewayPorts no >#X11Forwarding no >#X11DisplayOffset 10 >#X11UseLocalhost yes >#PermitTTY yes >PrintMotd no >#PrintLastLog yes >#TCPKeepAlive yes >#PermitUserEnvironment no >#Compression delayed >#ClientAliveInterval 0 >#ClientAliveCountMax 3 >#UseDNS no >#PidFile /var/run/sshd.pid >#MaxStartups 10:30:100 >PermitTunnel yes >#ChrootDirectory none >#VersionAddendum none > ># no default banner path >#Banner none > ># override default of no subsystems >#Subsystem sftp /usr/libexec/openssh/sftp-server > ># Example of overriding settings on a per-user basis >#Match User anoncvs ># X11Forwarding no ># AllowTcpForwarding no ># PermitTTY no ># ForceCommand cvs server
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3633">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 3507
:
3629
|
3630
|
3631
|
3632
| 3633 |
3634
|
3635
|
3636
|
3637
|
3638
|
3639