# This file is being maintained by Puppet.
# DO NOT EDIT
# NOTE(review): because Puppet owns this file, any change suggested in the
# review notes below belongs in the Puppet source that renders it, not in
# this deployed copy.

# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
# NOTE(review): the template revision above dates from 2005, while the
# Include directive below needs a much newer sshd. The commented-out
# "#Keyword value" lines record the defaults of that old template and may
# differ from the defaults of the sshd that actually reads this file; check
# sshd_config(5) on the host, or the output of `sshd -T`, for effective values.

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# NOTE(review): sshd keeps the first value it obtains for most keywords, so
# any file matched by this Include takes precedence over the settings below.
# Audit /etc/ssh/sshd_config.d/ (ownership, permissions, contents) together
# with this file.
Include /etc/ssh/sshd_config.d/*.conf

#Port 22
Port 22
#Protocol 2,1
# NOTE(review): current OpenSSH servers no longer implement protocol 1 and
# treat this keyword as deprecated; the line can be dropped once no older
# sshd consumes this template.
Protocol 2
#AddressFamily any
AddressFamily any

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTH
#LogLevel INFO
LogLevel INFO

# Authentication:

#LoginGraceTime 120
LoginGraceTime 120
#PermitRootLogin yes
# NOTE(review): "yes" lets root authenticate with every enabled method, and
# password and keyboard-interactive logins are both enabled further down, so
# the root account is exposed to password guessing from the network.
# "prohibit-password" (key-only root) or "no" with sudo from named accounts
# narrows that; confirm how operators reach this host before changing it.
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
# NOTE(review): UsePAM and ChallengeResponseAuthentication are both "yes"
# below, so setting only this keyword to "no" may still leave PAM password
# prompts reachable through keyboard-interactive (see the PAM comment below).
#PasswordAuthentication yes
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
# NOTE(review): newer OpenSSH releases call this option
# KbdInteractiveAuthentication and keep this name as a deprecated alias.
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication yes

# Kerberos options
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
# NOTE(review): enabled here although the commented default is "no". If no
# Kerberos/GSSAPI logins are expected on this host, turning it off removes an
# unused authentication path -- confirm with the owners.
GSSAPIAuthentication yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
# NOTE(review): only LANG and LC_* are accepted from clients. Keep this list
# narrow, because accepted variables are passed into the user's session.
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
# NOTE(review): port forwarding lets an authenticated user reach whatever
# this server can reach. If some accounts should not tunnel, restrict them in
# a Match block (TODO confirm whether the included files already do so).
AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
# NOTE(review): enabled here although the commented default is "no". Keep it
# on only where users need remote X clients; X11UseLocalhost yes below keeps
# the forwarding listener bound to the loopback address.
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
X11UseLocalhost yes
#PrintMotd yes
PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
# NOTE(review): an interval of 0 means sshd sends no client-alive probes, so
# ClientAliveCountMax below is never exercised and unresponsive sessions are
# not dropped by this mechanism.
ClientAliveInterval 0
ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
# NOTE(review): with reverse lookups off, only addresses (not host names)
# match in authorized_keys from= options and in Match Host blocks.
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#MaxSessions 10

#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none
Banner none

# override default of no subsystems
# NOTE(review): the sftp-server path is distribution specific -- confirm it
# matches every host this template is deployed to.
Subsystem sftp /usr/lib/openssh/sftp-server
