authorSilvino Silva <silvino@bk.ru>2018-06-12 00:09:06 +0100
committerSilvino Silva <silvino@bk.ru>2018-06-12 00:09:06 +0100
commitf5a5ccbf1af61c4a70695b01187c32fd5ead2e76 (patch)
tree2b73a732dc3f199009e6626e2b599175b7fb16a1 /tools/conf
parent39b2bc2174a6a25a0e727ecc12bb0edadaac689f (diff)
downloaddoc-f5a5ccbf1af61c4a70695b01187c32fd5ead2e76.tar.gz
network, iptables, sshd config fix's
Diffstat (limited to 'tools/conf')
-rw-r--r--tools/conf/etc/ssh/sshd_config21
1 files changed, 15 insertions, 6 deletions
diff --git a/tools/conf/etc/ssh/sshd_config b/tools/conf/etc/ssh/sshd_config
index cba9be5..6fd955a 100644
--- a/tools/conf/etc/ssh/sshd_config
+++ b/tools/conf/etc/ssh/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
+#	$OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -16,6 +16,10 @@ AddressFamily inet
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
+
+# The default requires explicit activation of protocol 1
+Protocol 2
+
 #HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_dsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
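Review bot: `Protocol 2` and its comment appear to come from the older template this commit moves to (the header in the first hunk goes from v 1.101 back to v 1.100). On OpenSSH servers that no longer implement protocol 1, the keyword is, as far as I know, deprecated and only produces a warning when the file is parsed. Confirm the installed sshd version, then either drop the directive or annotate it, e.g. `# only meaningful on sshd builds that still ship protocol 1`. The same applies to the commented `#UsePrivilegeSeparation sandbox` added in the `-95,6` hunk. Running `sshd -t` against the file before deployment should surface any deprecated or unknown options.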
@@ -27,17 +31,18 @@ AddressFamily inet
 # Logging
 #SyslogFacility AUTH
 #LogLevel INFO
-LogLevel VERBOSE
 
 # Authentication:
 
-#LoginGraceTime 2m
+LoginGraceTime 1m
 #PermitRootLogin prohibit-password
+PermitRootLogin no
 #StrictModes yes
-#MaxAuthTries 6
+MaxAuthTries 3
 #MaxSessions 10
+MaxSessions 3
 
-#PubkeyAuthentication yes
+PubkeyAuthentication yes
 
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
 # but this is overridden so installations will only check .ssh/authorized_keys
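Review bot: Removing `LogLevel VERBOSE` returns sshd to the INFO default in the same commit that makes login key-only, which reduces the authentication detail available for audit and detection. As far as I know, VERBOSE is the level at which rejected public-key attempts are logged with their fingerprints, so probing with unknown keys becomes less visible in the auth log. Unless log volume was the reason for the change, I would keep `LogLevel VERBOSE` next to the new `MaxAuthTries 3`. It is also worth checking `MaxSessions 3` against any client that multiplexes several channels over one connection.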
@@ -58,10 +63,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
 
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
+PasswordAuthentication no
 #PermitEmptyPasswords no
 
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
 
 # Kerberos options
 #KerberosAuthentication no
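Review bot: Nothing in the file records the precondition for `PasswordAuthentication no` and `ChallengeResponseAuthentication no`. Together with `PermitRootLogin no` from the previous hunk, they leave public key as the only way in, and only for non-root accounts. A comment above the two lines would help, e.g. `# key-only login: each account needs ~/.ssh/authorized_keys in place before this file is deployed`. If the intent is to pin the policy rather than rely on the other methods staying at their defaults, `AuthenticationMethods publickey` states it in one place.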
@@ -83,6 +90,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 #UsePAM no
+#UsePAM no
 
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
@@ -95,6 +103,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
+#UsePrivilegeSeparation sandbox
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
@@ -107,7 +116,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #VersionAddendum none
 
 # no default banner path
-Banner /etc/issues
+Banner /etc/issue
 
 # override default of no subsystems
 Subsystem	sftp	/usr/lib/ssh/sftp-server
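Review bot: `Banner /etc/issue` sends that file to every client before authentication. On many distributions `/etc/issue` is the getty greeting and names the OS and release, which sshd would print verbatim, including any getty escape sequences. If the file still holds distribution defaults, consider pointing the banner at a dedicated file holding only the intended legal notice, e.g. `Banner /etc/issue.net`, or setting `Banner none`. The path typo fix itself looks right.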