From Jago, 6 Years ago, written in Bash.
  1. ubuntu@ip-172-31-46-92:/etc/ssh$ cat sshd_config
  2. # Package generated configuration file
  3. # See the sshd_config(5) manpage for details
  4.  
  5. # What ports, IPs and protocols we listen for
  6. Port 22
  7. # Use these options to restrict which interfaces/protocols sshd will bind to
  8. #ListenAddress ::
  9. #ListenAddress 0.0.0.0
  10. Protocol 2
  11. # HostKeys for protocol version 2
  12. HostKey /etc/ssh/ssh_host_rsa_key
  13. HostKey /etc/ssh/ssh_host_dsa_key
  14. HostKey /etc/ssh/ssh_host_ecdsa_key
  15. HostKey /etc/ssh/ssh_host_ed25519_key
  16. #Privilege Separation is turned on for security
  17. UsePrivilegeSeparation yes
  18.  
  19. # Lifetime and size of ephemeral version 1 server key
  20. KeyRegenerationInterval 3600
  21. ServerKeyBits 1024
  22.  
  23. # Logging
  24. SyslogFacility AUTH
  25. LogLevel INFO
  26.  
  27. # Authentication:
  28. LoginGraceTime 120
  29. PermitRootLogin prohibit-password
  30. StrictModes yes
  31.  
  32. RSAAuthentication yes
  33. PubkeyAuthentication yes
  34. #AuthorizedKeysFile     %h/.ssh/authorized_keys
  35.  
  36. # Don't read the user's ~/.rhosts and ~/.shosts files
  37. IgnoreRhosts yes
  38. # For this to work you will also need host keys in /etc/ssh_known_hosts
  39. RhostsRSAAuthentication no
  40. # similar for protocol version 2
  41. HostbasedAuthentication no
  42. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  43. #IgnoreUserKnownHosts yes
  44.  
  45. # To enable empty passwords, change to yes (NOT RECOMMENDED)
  46. PermitEmptyPasswords no
  47.  
  48. # Change to yes to enable challenge-response passwords (beware issues with
  49. # some PAM modules and threads)
  50. ChallengeResponseAuthentication no
  51.  
  52. # Change to no to disable tunnelled clear text passwords
  53. PasswordAuthentication no
  54.  
  55. # Kerberos options
  56. #KerberosAuthentication no
  57. #KerberosGetAFSToken no
  58. #KerberosOrLocalPasswd yes
  59. #KerberosTicketCleanup yes
  60.  
  61. # GSSAPI options
  62. #GSSAPIAuthentication no
  63. #GSSAPICleanupCredentials yes
  64.  
  65. X11Forwarding yes
  66. X11DisplayOffset 10
  67. PrintMotd no
  68. PrintLastLog yes
  69. TCPKeepAlive yes
  70. #UseLogin no
  71.  
  72. #MaxStartups 10:30:60
  73. #Banner /etc/issue.net
  74.  
  75. # Allow client to pass locale environment variables
  76. AcceptEnv LANG LC_*
  77.  
  78. Subsystem sftp /usr/lib/openssh/sftp-server
  79.  
  80. # Set this to 'yes' to enable PAM authentication, account processing,
  81. # and session processing. If this is enabled, PAM authentication will
  82. # be allowed through the ChallengeResponseAuthentication and
  83. # PasswordAuthentication.  Depending on your PAM configuration,
  84. # PAM authentication via ChallengeResponseAuthentication may bypass
  85. # the setting of "PermitRootLogin without-password".
  86. # If you just want the PAM account and session checks to run without
  87. # PAM authentication, then enable this but set PasswordAuthentication
  88. # and ChallengeResponseAuthentication to 'no'.
  89. UsePAM yes
  90. ubuntu@ip-172-31-46-92:/etc/ssh$