No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

etc_ssh_sshd_config.j2 2.4KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687
  1. # Package generated configuration file
  2. # See the sshd_config(5) manpage for details
  3. # What ports, IPs and protocols we listen for
  4. Port 22
  5. # Use these options to restrict which interfaces/protocols sshd will bind to
  6. #ListenAddress ::
  7. #ListenAddress 0.0.0.0
  8. Protocol 2
  9. # HostKeys for protocol version 2
  10. HostKey /etc/ssh/ssh_host_rsa_key
  11. HostKey /etc/ssh/ssh_host_dsa_key
  12. HostKey /etc/ssh/ssh_host_ecdsa_key
  13. #Privilege Separation is turned on for security
  14. UsePrivilegeSeparation yes
  15. # Lifetime and size of ephemeral version 1 server key
  16. KeyRegenerationInterval 3600
  17. ServerKeyBits 768
  18. # Logging
  19. SyslogFacility AUTH
  20. LogLevel INFO
  21. # Authentication:
  22. LoginGraceTime 120
  23. PermitRootLogin no
  24. StrictModes yes
  25. RSAAuthentication yes
  26. PubkeyAuthentication yes
  27. #AuthorizedKeysFile %h/.ssh/authorized_keys
  28. # Don't read the user's ~/.rhosts and ~/.shosts files
  29. IgnoreRhosts yes
  30. # For this to work you will also need host keys in /etc/ssh_known_hosts
  31. RhostsRSAAuthentication no
  32. # similar for protocol version 2
  33. HostbasedAuthentication no
  34. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  35. #IgnoreUserKnownHosts yes
  36. # To enable empty passwords, change to yes (NOT RECOMMENDED)
  37. PermitEmptyPasswords no
  38. # Change to yes to enable challenge-response passwords (beware issues with
  39. # some PAM modules and threads)
  40. ChallengeResponseAuthentication no
  41. # Change to no to disable tunnelled clear text passwords
  42. PasswordAuthentication no
  43. # Kerberos options
  44. #KerberosAuthentication no
  45. #KerberosGetAFSToken no
  46. #KerberosOrLocalPasswd yes
  47. #KerberosTicketCleanup yes
  48. # GSSAPI options
  49. #GSSAPIAuthentication no
  50. #GSSAPICleanupCredentials yes
  51. X11Forwarding yes
  52. X11DisplayOffset 10
  53. PrintMotd no
  54. PrintLastLog yes
  55. TCPKeepAlive yes
  56. #UseLogin no
  57. #MaxStartups 10:30:60
  58. #Banner /etc/issue.net
  59. # Allow client to pass locale environment variables
  60. AcceptEnv LANG LC_*
  61. Subsystem sftp /usr/lib/openssh/sftp-server
  62. # Set this to 'yes' to enable PAM authentication, account processing,
  63. # and session processing. If this is enabled, PAM authentication will
  64. # be allowed through the ChallengeResponseAuthentication and
  65. # PasswordAuthentication. Depending on your PAM configuration,
  66. # PAM authentication via ChallengeResponseAuthentication may bypass
  67. # the setting of "PermitRootLogin without-password".
  68. # If you just want the PAM account and session checks to run without
  69. # PAM authentication, then enable this but set PasswordAuthentication
  70. # and ChallengeResponseAuthentication to 'no'.
  71. UsePAM yes