comparison modules/ssh/spec/fixtures/sshd_config_debian8 @ 385:d9009f54eb23

Migrate to a fully-fledged SSH module This handles lots of the server path differences for us
author IBBoard <dev@ibboard.co.uk>
date Mon, 03 Jan 2022 17:05:54 +0000
parents
children
comparison
equal deleted inserted replaced
384:22e45bb5ea97 385:d9009f54eb23
1 # This file is being maintained by Puppet.
2 # DO NOT EDIT
3
4 # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
5
6 # This is the sshd server system-wide configuration file. See
7 # sshd_config(5) for more information.
8
9 # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
10
11 # The strategy used for options in the default sshd_config shipped with
12 # OpenSSH is to specify options with their default value where
13 # possible, but leave them commented. Uncommented options change a
14 # default value.
15
16 #Port 22
17 Port 22
18 #Protocol 2,1
19 Protocol 2
20 #AddressFamily any
21 AddressFamily any
22
23 # HostKey for protocol version 1
24 #HostKey /etc/ssh/ssh_host_key
25 # HostKeys for protocol version 2
26 #HostKey /etc/ssh/ssh_host_rsa_key
27 #HostKey /etc/ssh/ssh_host_dsa_key
28 HostKey /etc/ssh/ssh_host_rsa_key
29 HostKey /etc/ssh/ssh_host_dsa_key
30 HostKey /etc/ssh/ssh_host_ecdsa_key
31 HostKey /etc/ssh/ssh_host_ed25519_key
32
33 # Lifetime and size of ephemeral version 1 server key
34 #KeyRegenerationInterval 1h
35 #ServerKeyBits 1024
36 ServerKeyBits 1024
37 # Logging
38 # obsoletes QuietMode and FascistLogging
39 #SyslogFacility AUTH
40 SyslogFacility AUTH
41 #LogLevel INFO
42 LogLevel INFO
43
44 # Authentication:
45
46 #LoginGraceTime 120
47 LoginGraceTime 120
48 #PermitRootLogin yes
49 PermitRootLogin yes
50 #StrictModes yes
51 #MaxAuthTries 6
52
53 #RSAAuthentication yes
54 #PubkeyAuthentication yes
55 PubkeyAuthentication yes
56 #AuthorizedKeysFile .ssh/authorized_keys
57
58 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
59 #RhostsRSAAuthentication no
60 # similar for protocol version 2
61 #HostbasedAuthentication no
62 HostbasedAuthentication no
63 # Change to yes if you don't trust ~/.ssh/known_hosts for
64 # RhostsRSAAuthentication and HostbasedAuthentication
65 #IgnoreUserKnownHosts no
66 IgnoreUserKnownHosts no
67 # Don't read the user's ~/.rhosts and ~/.shosts files
68 #IgnoreRhosts yes
69 IgnoreRhosts yes
70
71 # To disable tunneled clear text passwords, change to no here!
72 #PasswordAuthentication yes
73 PasswordAuthentication yes
74 #PermitEmptyPasswords no
75
76 # Change to no to disable s/key passwords
77 #ChallengeResponseAuthentication yes
78 ChallengeResponseAuthentication yes
79
80 # Kerberos options
81 #KerberosOrLocalPasswd yes
82 #KerberosTicketCleanup yes
83 #KerberosGetAFSToken no
84
85 # GSSAPI options
86 #GSSAPIAuthentication no
87 GSSAPIAuthentication yes
88
89 # Set this to 'yes' to enable PAM authentication, account processing,
90 # and session processing. If this is enabled, PAM authentication will
91 # be allowed through the ChallengeResponseAuthentication mechanism.
92 # Depending on your PAM configuration, this may bypass the setting of
93 # PasswordAuthentication, PermitEmptyPasswords, and
94 # "PermitRootLogin without-password". If you just want the PAM account and
95 # session checks to run without PAM authentication, then enable this but set
96 # ChallengeResponseAuthentication=no
97 #UsePAM no
98 UsePAM yes
99
100 # Accept locale-related environment variables
101 AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
102 AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
103 AcceptEnv LC_IDENTIFICATION LC_ALL
104 #AllowTcpForwarding yes
105 AllowTcpForwarding yes
106 #GatewayPorts no
107 #X11Forwarding no
108 X11Forwarding yes
109 #X11DisplayOffset 10
110 #X11UseLocalhost yes
111 X11UseLocalhost yes
112 #PrintMotd yes
113 PrintMotd yes
114 #PrintLastLog yes
115 #TCPKeepAlive yes
116 TCPKeepAlive yes
117 #UseLogin no
118 #UsePrivilegeSeparation yes
119 #PermitUserEnvironment no
120 #Compression delayed
121 #ClientAliveInterval 0
122 ClientAliveInterval 0
123 ClientAliveCountMax 3
124 #ShowPatchLevel no
125 #UseDNS yes
126 UseDNS yes
127 #PidFile /var/run/sshd.pid
128 #MaxStartups 10:30:100
129 #MaxSessions 10
130
131 #PermitTunnel no
132 PermitTunnel no
133 #ChrootDirectory none
134
135 # no default banner path
136 #Banner none
137 Banner none
138
139 # override default of no subsystems
140 Subsystem sftp /usr/lib/openssh/sftp-server
141