Bez popisu
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

etc_ssh_sshd_config.j2 1.9KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172
  1. # What ports, IPs and protocols we listen for
  2. Port 22
  3. # Use these options to restrict which interfaces/protocols sshd will bind to
  4. #ListenAddress ::
  5. #ListenAddress 0.0.0.0
  6. Protocol 2
  7. # HostKeys for protocol version 2
  8. HostKey /etc/ssh/ssh_host_rsa_key
  9. #Privilege Separation is turned on for security
  10. UsePrivilegeSeparation yes
  11. KexAlgorithms {{ kex_algorithms }}
  12. Ciphers {{ ciphers }}
  13. MACs {{ macs }}
  14. # Lifetime and size of ephemeral version 1 server key
  15. KeyRegenerationInterval 3600
  16. ServerKeyBits 768
  17. # Logging
  18. SyslogFacility AUTH
  19. LogLevel INFO
  20. # Authentication:
  21. LoginGraceTime 120
  22. PermitRootLogin no
  23. StrictModes yes
  24. RSAAuthentication yes
  25. PubkeyAuthentication yes
  26. # Don't read the user's ~/.rhosts and ~/.shosts files
  27. IgnoreRhosts yes
  28. # For this to work you will also need host keys in /etc/ssh_known_hosts
  29. RhostsRSAAuthentication no
  30. # similar for protocol version 2
  31. HostbasedAuthentication no
  32. PermitEmptyPasswords no
  33. # Change to yes to enable challenge-response passwords (beware issues with
  34. # some PAM modules and threads)
  35. ChallengeResponseAuthentication yes
  36. # Change to no to disable tunnelled clear text passwords
  37. PasswordAuthentication no
  38. X11Forwarding yes
  39. X11DisplayOffset 10
  40. PrintMotd no
  41. PrintLastLog yes
  42. TCPKeepAlive yes
  43. # Allow client to pass locale environment variables
  44. AcceptEnv LANG LC_*
  45. Subsystem sftp /usr/lib/openssh/sftp-server
  46. # Set this to 'yes' to enable PAM authentication, account processing,
  47. # and session processing. If this is enabled, PAM authentication will
  48. # be allowed through the ChallengeResponseAuthentication and
  49. # PasswordAuthentication. Depending on your PAM configuration,
  50. # PAM authentication via ChallengeResponseAuthentication may bypass
  51. # the setting of "PermitRootLogin without-password".
  52. # If you just want the PAM account and session checks to run without
  53. # PAM authentication, then enable this but set PasswordAuthentication
  54. # and ChallengeResponseAuthentication to 'no'.
  55. UsePAM yes