diff options
Diffstat (limited to 'tools/conf/etc/ssh')
| -rw-r--r-- | tools/conf/etc/ssh/sshd_config | 30 |
1 files changed, 4 insertions, 26 deletions
diff --git a/tools/conf/etc/ssh/sshd_config b/tools/conf/etc/ssh/sshd_config index f0619fe..cba9be5 100644 --- a/tools/conf/etc/ssh/sshd_config +++ b/tools/conf/etc/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ +# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -16,45 +16,28 @@ AddressFamily inet #ListenAddress 0.0.0.0 #ListenAddress :: -# The default requires explicit activation of protocol 1 -Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - # Ciphers and keying #RekeyLimit default none -Ciphers aes256-ctr,aes192-ctr,aes128-ctr # Logging -# obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO LogLevel VERBOSE # Authentication: -LoginGraceTime 1m +#LoginGraceTime 2m #PermitRootLogin prohibit-password -PermitRootLogin no #StrictModes yes #MaxAuthTries 6 -MaxAuthTries 3 #MaxSessions 10 -#RSAAuthentication yes -PubkeyAuthentication yes - -AllowGroups admin users gitolite +#PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys @@ -66,23 +49,19 @@ AuthorizedKeysFile .ssh/authorized_keys #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication +# HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes -PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes -ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no @@ -116,7 +95,6 @@ ChallengeResponseAuthentication no #PrintLastLog yes #TCPKeepAlive yes #UseLogin no -UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 |