Mercurial > repos > other > Puppet
comparison modules/ssh/spec/fixtures/sshd_config_rhel7 @ 385:d9009f54eb23
Migrate to a fully-fledged SSH module
This handles lots of the server path differences for us
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Mon, 03 Jan 2022 17:05:54 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 384:22e45bb5ea97 | 385:d9009f54eb23 |
|---|---|
| 1 # This file is being maintained by Puppet. | |
| 2 # DO NOT EDIT | |
| 3 | |
| 4 # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ | |
| 5 | |
| 6 # This is the sshd server system-wide configuration file. See | |
| 7 # sshd_config(5) for more information. | |
| 8 | |
| 9 # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin | |
| 10 | |
| 11 # The strategy used for options in the default sshd_config shipped with | |
| 12 # OpenSSH is to specify options with their default value where | |
| 13 # possible, but leave them commented. Uncommented options change a | |
| 14 # default value. | |
| 15 | |
| 16 #Port 22 | |
| 17 Port 22 | |
| 18 #Protocol 2,1 | |
| 19 Protocol 2 | |
| 20 #AddressFamily any | |
| 21 AddressFamily any | |
| 22 | |
| 23 # HostKey for protocol version 1 | |
| 24 #HostKey /etc/ssh/ssh_host_key | |
| 25 # HostKeys for protocol version 2 | |
| 26 #HostKey /etc/ssh/ssh_host_rsa_key | |
| 27 #HostKey /etc/ssh/ssh_host_dsa_key | |
| 28 HostKey /etc/ssh/ssh_host_rsa_key | |
| 29 | |
| 30 # Lifetime and size of ephemeral version 1 server key | |
| 31 #KeyRegenerationInterval 1h | |
| 32 #ServerKeyBits 1024 | |
| 33 # Logging | |
| 34 # obsoletes QuietMode and FascistLogging | |
| 35 #SyslogFacility AUTH | |
| 36 SyslogFacility AUTH | |
| 37 #LogLevel INFO | |
| 38 LogLevel INFO | |
| 39 | |
| 40 # Authentication: | |
| 41 | |
| 42 #LoginGraceTime 120 | |
| 43 LoginGraceTime 120 | |
| 44 #PermitRootLogin yes | |
| 45 PermitRootLogin yes | |
| 46 #StrictModes yes | |
| 47 #MaxAuthTries 6 | |
| 48 | |
| 49 #RSAAuthentication yes | |
| 50 #PubkeyAuthentication yes | |
| 51 PubkeyAuthentication yes | |
| 52 #AuthorizedKeysFile .ssh/authorized_keys | |
| 53 | |
| 54 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | |
| 55 #RhostsRSAAuthentication no | |
| 56 # similar for protocol version 2 | |
| 57 #HostbasedAuthentication no | |
| 58 HostbasedAuthentication no | |
| 59 # Change to yes if you don't trust ~/.ssh/known_hosts for | |
| 60 # RhostsRSAAuthentication and HostbasedAuthentication | |
| 61 #IgnoreUserKnownHosts no | |
| 62 IgnoreUserKnownHosts no | |
| 63 # Don't read the user's ~/.rhosts and ~/.shosts files | |
| 64 #IgnoreRhosts yes | |
| 65 IgnoreRhosts yes | |
| 66 | |
| 67 # To disable tunneled clear text passwords, change to no here! | |
| 68 #PasswordAuthentication yes | |
| 69 PasswordAuthentication yes | |
| 70 #PermitEmptyPasswords no | |
| 71 | |
| 72 # Change to no to disable s/key passwords | |
| 73 #ChallengeResponseAuthentication yes | |
| 74 ChallengeResponseAuthentication yes | |
| 75 | |
| 76 # Kerberos options | |
| 77 #KerberosOrLocalPasswd yes | |
| 78 #KerberosTicketCleanup yes | |
| 79 #KerberosGetAFSToken no | |
| 80 | |
| 81 # GSSAPI options | |
| 82 #GSSAPIAuthentication no | |
| 83 GSSAPIAuthentication yes | |
| 84 #GSSAPICleanupCredentials yes | |
| 85 GSSAPICleanupCredentials yes | |
| 86 | |
| 87 # Set this to 'yes' to enable PAM authentication, account processing, | |
| 88 # and session processing. If this is enabled, PAM authentication will | |
| 89 # be allowed through the ChallengeResponseAuthentication mechanism. | |
| 90 # Depending on your PAM configuration, this may bypass the setting of | |
| 91 # PasswordAuthentication, PermitEmptyPasswords, and | |
| 92 # "PermitRootLogin without-password". If you just want the PAM account and | |
| 93 # session checks to run without PAM authentication, then enable this but set | |
| 94 # ChallengeResponseAuthentication=no | |
| 95 #UsePAM no | |
| 96 UsePAM yes | |
| 97 | |
| 98 # Accept locale-related environment variables | |
| 99 AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES | |
| 100 AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT | |
| 101 AcceptEnv LC_IDENTIFICATION LC_ALL | |
| 102 #AllowTcpForwarding yes | |
| 103 AllowTcpForwarding yes | |
| 104 #GatewayPorts no | |
| 105 #X11Forwarding no | |
| 106 X11Forwarding yes | |
| 107 #X11DisplayOffset 10 | |
| 108 #X11UseLocalhost yes | |
| 109 X11UseLocalhost yes | |
| 110 #PrintMotd yes | |
| 111 PrintMotd yes | |
| 112 #PrintLastLog yes | |
| 113 #TCPKeepAlive yes | |
| 114 TCPKeepAlive yes | |
| 115 #UseLogin no | |
| 116 #UsePrivilegeSeparation yes | |
| 117 #PermitUserEnvironment no | |
| 118 #Compression delayed | |
| 119 #ClientAliveInterval 0 | |
| 120 ClientAliveInterval 0 | |
| 121 ClientAliveCountMax 3 | |
| 122 #ShowPatchLevel no | |
| 123 #UseDNS yes | |
| 124 UseDNS yes | |
| 125 #PidFile /var/run/sshd.pid | |
| 126 #MaxStartups 10:30:100 | |
| 127 #MaxSessions 10 | |
| 128 | |
| 129 #PermitTunnel no | |
| 130 PermitTunnel no | |
| 131 #ChrootDirectory none | |
| 132 | |
| 133 # no default banner path | |
| 134 #Banner none | |
| 135 Banner none | |
| 136 | |
| 137 #XAuthLocation /usr/bin/xauth | |
| 138 XAuthLocation /usr/bin/xauth | |
| 139 | |
| 140 # override default of no subsystems | |
| 141 Subsystem sftp /usr/libexec/openssh/sftp-server | |
| 142 |