Facebook
From Perl Parakeet, 1 Year ago, written in Plain Text.
This paste is a reply to Re: Re: Re: Untitled from Melodic Plover - view diff
Embed
Download Paste or View Raw
Hits: 192
  1. #       $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
  2.  
  3. # This is the sshd server system-wide configuration file.  See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/local/bin:/usr/bin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented.  Uncommented options override the
  11. # default value.
  12.  
  13. # If you want to change the port on a SELinux system, you have to tell
  14. # SELinux about this change.
  15. # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
  16. #
  17. Port 2222
  18. #AddressFamily any
  19. ListenAddress 0.0.0.0
  20. ListenAddress ::
  21.  
  22. HostKey /etc/ssh/ssh_host_rsa_key
  23. #HostKey /etc/ssh/ssh_host_dsa_key
  24. HostKey /etc/ssh/ssh_host_ecdsa_key
  25. HostKey /etc/ssh/ssh_host_ed25519_key
  26.  
  27. # Ciphers and keying
  28. #RekeyLimit default none
  29.  
  30. # Logging
  31. #SyslogFacility AUTH
  32. SyslogFacility AUTHPRIV
  33. #LogLevel INFO
  34.  
  35. # Authentication:
  36.  
  37. #LoginGraceTime 2m
  38. PermitRootLogin yes
  39. #StrictModes yes
  40. #MaxAuthTries 6
  41. #MaxSessions 10
  42.  
  43. PubkeyAuthentication yes
  44.  
  45. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  46. # but this is overridden so installations will only check .ssh/authorized_keys
  47. AuthorizedKeysFile      .ssh/authorized_keys
  48.  
  49. #AuthorizedPrincipalsFile none
  50.  
  51. #AuthorizedKeysCommand none
  52. #AuthorizedKeysCommandUser nobody
  53.  
  54. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  55. #HostbasedAuthentication no
  56. # Change to yes if you don't trust ~/.ssh/known_hosts for
  57. # HostbasedAuthentication
  58. #IgnoreUserKnownHosts no
  59. # Don't read the user's ~/.rhosts and ~/.shosts files
  60. #IgnoreRhosts yes
  61.  
  62. # To disable tunneled clear text passwords, change to no here!
  63. #PasswordAuthentication yes
  64. #PermitEmptyPasswords no
  65. PasswordAuthentication yes
  66.  
  67. # Change to no to disable s/key passwords
  68. #ChallengeResponseAuthentication yes
  69. ChallengeResponseAuthentication yes
  70.  
  71. # Kerberos options
  72. #KerberosAuthentication no
  73. #KerberosOrLocalPasswd yes
  74. #KerberosTicketCleanup yes
  75. #KerberosGetAFSToken no
  76. #KerberosUseKuserok yes
  77.  
  78. # GSSAPI options
  79. GSSAPIAuthentication yes
  80. GSSAPICleanupCredentials no
  81. #GSSAPIStrictAcceptorCheck yes
  82. #GSSAPIKeyExchange no
  83. #GSSAPIEnablek5users no
  84.  
  85. # Set this to 'yes' to enable PAM authentication, account processing,
  86. # and session processing. If this is enabled, PAM authentication will
  87. # be allowed through the ChallengeResponseAuthentication and
  88. # PasswordAuthentication.  Depending on your PAM configuration,
  89. # PAM authentication via ChallengeResponseAuthentication may bypass
  90. # the setting of "PermitRootLogin without-password".
  91. # If you just want the PAM account and session checks to run without
  92. # PAM authentication, then enable this but set PasswordAuthentication
  93. # and ChallengeResponseAuthentication to 'no'.
  94. # WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
  95. # problems.
  96. UsePAM yes
  97.  
  98. AllowAgentForwarding yes
  99. AllowTcpForwarding yes
  100. #GatewayPorts no
  101. X11Forwarding yes
  102. #X11DisplayOffset 10
  103. #X11UseLocalhost yes
  104. #PermitTTY yes
  105. #PrintMotd yes
  106. #PrintLastLog yes
  107. #TCPKeepAlive yes
  108. #UseLogin no
  109. #UsePrivilegeSeparation sandbox
  110. #PermitUserEnvironment no
  111. #Compression delayed
  112. #ClientAliveInterval 0
  113. #ClientAliveCountMax 3
  114. #ShowPatchLevel no
  115. #UseDNS yes
  116. #PidFile /var/run/sshd.pid
  117. #MaxStartups 10:30:100
  118. #PermitTunnel no
  119. #ChrootDirectory none
  120. #VersionAddendum none
  121.  
  122. # no default banner path
  123. #Banner none
  124.  
  125. # Accept locale-related environment variables
  126. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  127. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  128. AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
  129. AcceptEnv XMODIFIERS
  130.  
  131. # override default of no subsystems
  132. Subsystem       sftp    /usr/libexec/openssh/sftp-server
  133.  
  134. # Example of overriding settings on a per-user basis
  135. #Match User anoncvs
  136. #       X11Forwarding no
  137. #       AllowTcpForwarding no
  138. #       PermitTTY no
  139. #       ForceCommand cvs server