diff options
| author | Silvino Silva <silvino@bk.ru> | 2017-08-02 01:18:23 +0100 |
|---|---|---|
| committer | Silvino Silva <silvino@bk.ru> | 2017-08-02 01:18:23 +0100 |
| commit | c0148601ebe2196375f26572624590cad2751845 (patch) | |
| tree | 0f40548a2b5c8eaf9bd99423e21b8baf63b83d65 /tools/conf/etc/ssh | |
| parent | 5ff68b8c191272fe9c80765fa6ac11c18aee3224 (diff) | |
| parent | 65167272a3ba52dc4d032a1c60a9ff030408047d (diff) | |
| download | doc-c0148601ebe2196375f26572624590cad2751845.tar.gz | |
Merge branch 'r-0.3.1' into develop
Diffstat (limited to 'tools/conf/etc/ssh')
| -rw-r--r-- | tools/conf/etc/ssh/sshd_config | 27 |
1 files changed, 3 insertions, 24 deletions
diff --git a/tools/conf/etc/ssh/sshd_config b/tools/conf/etc/ssh/sshd_config index 5e07530..cba9be5 100644 --- a/tools/conf/etc/ssh/sshd_config +++ b/tools/conf/etc/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ +# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -16,45 +16,29 @@ AddressFamily inet #ListenAddress 0.0.0.0 #ListenAddress :: -# The default requires explicit activation of protocol 1 -Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - # Ciphers and keying #RekeyLimit default none # Logging -# obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO LogLevel VERBOSE # Authentication: -LoginGraceTime 1m +#LoginGraceTime 2m #PermitRootLogin prohibit-password -PermitRootLogin no #StrictModes yes #MaxAuthTries 6 -MaxAuthTries 3 #MaxSessions 10 -#RSAAuthentication yes #PubkeyAuthentication yes -AllowGroups admin users gitolite - # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys @@ -65,23 +49,19 @@ AuthorizedKeysFile .ssh/authorized_keys #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication +# HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes -PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes -ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no @@ -115,7 +95,6 @@ ChallengeResponseAuthentication no #PrintLastLog yes #TCPKeepAlive yes #UseLogin no -UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 |