comparison modules/ssh/spec/fixtures/sshd_config_rhel @ 385:d9009f54eb23

Migrate to a fully-fledged SSH module This handles lots of the server path differences for us
author IBBoard <dev@ibboard.co.uk>
date Mon, 03 Jan 2022 17:05:54 +0000
parents
children
comparison
equal deleted inserted replaced
384:22e45bb5ea97 385:d9009f54eb23
1 # This file is being maintained by Puppet.
2 # DO NOT EDIT
3
4 # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
5
6 # This is the sshd server system-wide configuration file. See
7 # sshd_config(5) for more information.
8
9 # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
10
11 # The strategy used for options in the default sshd_config shipped with
12 # OpenSSH is to specify options with their default value where
13 # possible, but leave them commented. Uncommented options change a
14 # default value.
15
16 #Port 22
17 Port 22
18 #Protocol 2,1
19 Protocol 2
20 #AddressFamily any
21 AddressFamily any
22
23 # HostKey for protocol version 1
24 #HostKey /etc/ssh/ssh_host_key
25 # HostKeys for protocol version 2
26 #HostKey /etc/ssh/ssh_host_rsa_key
27 #HostKey /etc/ssh/ssh_host_dsa_key
28 HostKey /etc/ssh/ssh_host_rsa_key
29
30 # Lifetime and size of ephemeral version 1 server key
31 #KeyRegenerationInterval 1h
32 #ServerKeyBits 1024
33 ServerKeyBits 1024
34 # Logging
35 # obsoletes QuietMode and FascistLogging
36 #SyslogFacility AUTH
37 SyslogFacility AUTH
38 #LogLevel INFO
39 LogLevel INFO
40
41 # Authentication:
42
43 #LoginGraceTime 120
44 LoginGraceTime 120
45 #PermitRootLogin yes
46 PermitRootLogin yes
47 #StrictModes yes
48 #MaxAuthTries 6
49
50 #RSAAuthentication yes
51 #PubkeyAuthentication yes
52 PubkeyAuthentication yes
53 #AuthorizedKeysFile .ssh/authorized_keys
54
55 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
56 #RhostsRSAAuthentication no
57 # similar for protocol version 2
58 #HostbasedAuthentication no
59 HostbasedAuthentication no
60 # Change to yes if you don't trust ~/.ssh/known_hosts for
61 # RhostsRSAAuthentication and HostbasedAuthentication
62 #IgnoreUserKnownHosts no
63 IgnoreUserKnownHosts no
64 # Don't read the user's ~/.rhosts and ~/.shosts files
65 #IgnoreRhosts yes
66 IgnoreRhosts yes
67
68 # To disable tunneled clear text passwords, change to no here!
69 #PasswordAuthentication yes
70 PasswordAuthentication yes
71 #PermitEmptyPasswords no
72
73 # Change to no to disable s/key passwords
74 #ChallengeResponseAuthentication yes
75 ChallengeResponseAuthentication yes
76
77 # Kerberos options
78 #KerberosOrLocalPasswd yes
79 #KerberosTicketCleanup yes
80 #KerberosGetAFSToken no
81
82 # GSSAPI options
83 #GSSAPIAuthentication no
84 GSSAPIAuthentication yes
85 #GSSAPICleanupCredentials yes
86 GSSAPICleanupCredentials yes
87
88 # Set this to 'yes' to enable PAM authentication, account processing,
89 # and session processing. If this is enabled, PAM authentication will
90 # be allowed through the ChallengeResponseAuthentication mechanism.
91 # Depending on your PAM configuration, this may bypass the setting of
92 # PasswordAuthentication, PermitEmptyPasswords, and
93 # "PermitRootLogin without-password". If you just want the PAM account and
94 # session checks to run without PAM authentication, then enable this but set
95 # ChallengeResponseAuthentication=no
96 #UsePAM no
97 UsePAM yes
98
99 # Accept locale-related environment variables
100 AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
101 AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
102 AcceptEnv LC_IDENTIFICATION LC_ALL
103 #AllowTcpForwarding yes
104 AllowTcpForwarding yes
105 #GatewayPorts no
106 #X11Forwarding no
107 X11Forwarding yes
108 #X11DisplayOffset 10
109 #X11UseLocalhost yes
110 X11UseLocalhost yes
111 #PrintMotd yes
112 PrintMotd yes
113 #PrintLastLog yes
114 #TCPKeepAlive yes
115 TCPKeepAlive yes
116 #UseLogin no
117 #UsePrivilegeSeparation yes
118 #PermitUserEnvironment no
119 #Compression delayed
120 #ClientAliveInterval 0
121 ClientAliveInterval 0
122 ClientAliveCountMax 3
123 #ShowPatchLevel no
124 #UseDNS yes
125 UseDNS yes
126 #PidFile /var/run/sshd.pid
127 #MaxStartups 10:30:100
128 #MaxSessions 10
129
130 #PermitTunnel no
131 PermitTunnel no
132 #ChrootDirectory none
133
134 # no default banner path
135 #Banner none
136 Banner none
137
138 #XAuthLocation /usr/bin/xauth
139 XAuthLocation /usr/bin/xauth
140
141 # override default of no subsystems
142 Subsystem sftp /usr/libexec/openssh/sftp-server
143