
Untitled

a guest
Aug 28th, 2016
  1. # diff /tmp/sshd_config.bak /etc/ssh/sshd_config
  2. 1,2c1,2
  3. < # Package generated configuration file
  4. < # See the sshd_config(5) manpage for details
  5. ---
  6. > # This file is being maintained by Puppet.
  7. > # DO NOT EDIT
  8. 4c4,16
  9. < # What ports, IPs and protocols we listen for
  10. ---
  11. > # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
  12. >
  13. > # This is the sshd server system-wide configuration file. See
  14. > # sshd_config(5) for more information.
  15. >
  16. > # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
  17. >
  18. > # The strategy used for options in the default sshd_config shipped with
  19. > # OpenSSH is to specify options with their default value where
  20. > # possible, but leave them commented. Uncommented options change a
  21. > # default value.
  22. >
  23. > #Port 22
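Review bot: The header added in this hunk identifies the template as a 2005 sample file (`sshd_config,v 1.73 2005/12/06`) and states that commented options show default values, but the file it replaces used `PermitRootLogin prohibit-password`, a value that only much newer OpenSSH releases accept. The commented "defaults" the template carries (`#Protocol 2,1`, `#ServerKeyBits 1024`, `#PermitRootLogin yes`, `#UseDNS yes` in later hunks) therefore probably do not describe the installed sshd, and a reader will trust them. I would rebuild the Puppet template from the sample config shipped with the installed package, or replace the claim with a comment such as `# Commented values come from an older sample file; check sshd_config(5) or "sshd -T" for the effective defaults.`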
  24. 6,8c18
  25. < # Use these options to restrict which interfaces/protocols sshd will bind to
  26. < #ListenAddress ::
  27. < #ListenAddress 0.0.0.0
  28. ---
  29. > #Protocol 2,1
  30. 9a20,24
  31. > #AddressFamily any
  32. > AddressFamily any
  33. >
  34. > # HostKey for protocol version 1
  35. > #HostKey /etc/ssh/ssh_host_key
  36. 10a26,27
  37. > #HostKey /etc/ssh/ssh_host_rsa_key
  38. > #HostKey /etc/ssh/ssh_host_dsa_key
  39. 15,16d31
  40. < #Privilege Separation is turned on for security
  41. < UsePrivilegeSeparation yes
  42. 19c34,35
  43. < KeyRegenerationInterval 3600
  44. ---
  45. > #KeyRegenerationInterval 1h
  46. > #ServerKeyBits 1024
  47. 21d36
  48. <
  49. 22a38,39
  50. > # obsoletes QuietMode and FascistLogging
  51. > #SyslogFacility AUTH
  52. 23a41
  53. > #LogLevel INFO
  54. 26a45,46
  55. >
  56. > #LoginGraceTime 120
  57. 28c48,50
  58. < PermitRootLogin prohibit-password
  59. ---
  60. > #PermitRootLogin yes
  61. > PermitRootLogin no
  62. > #StrictModes yes
  63. 29a52
  64. > #MaxAuthTries 6
  65. 31c54,55
  66. < RSAAuthentication yes
  67. ---
  68. > #RSAAuthentication yes
  69. > #PubkeyAuthentication yes
  70. 33c57
  71. < #AuthorizedKeysFile %h/.ssh/authorized_keys
  72. ---
  73. > #AuthorizedKeysFile .ssh/authorized_keys
  74. 35,38c59,60
  75. < # Don't read the user's ~/.rhosts and ~/.shosts files
  76. < IgnoreRhosts yes
  77. < # For this to work you will also need host keys in /etc/ssh_known_hosts
  78. < RhostsRSAAuthentication no
  79. ---
  80. > # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  81. > #RhostsRSAAuthentication no
  82. 39a62
  83. > #HostbasedAuthentication no
  84. 41,49c64,70
  85. < # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  86. < #IgnoreUserKnownHosts yes
  87. <
  88. < # To enable empty passwords, change to yes (NOT RECOMMENDED)
  89. < PermitEmptyPasswords no
  90. <
  91. < # Change to yes to enable challenge-response passwords (beware issues with
  92. < # some PAM modules and threads)
  93. < ChallengeResponseAuthentication no
  94. ---
  95. > # Change to yes if you don't trust ~/.ssh/known_hosts for
  96. > # RhostsRSAAuthentication and HostbasedAuthentication
  97. > #IgnoreUserKnownHosts no
  98. > IgnoreUserKnownHosts no
  99. > # Don't read the user's ~/.rhosts and ~/.shosts files
  100. > #IgnoreRhosts yes
  101. > IgnoreRhosts yes
  102. 51,52c72,79
  103. < # Change to no to disable tunnelled clear text passwords
  104. < PasswordAuthentication no
  105. ---
  106. > # To disable tunneled clear text passwords, change to no here!
  107. > #PasswordAuthentication yes
  108. > PasswordAuthentication yes
  109. > #PermitEmptyPasswords no
  110. >
  111. > # Change to no to disable s/key passwords
  112. > #ChallengeResponseAuthentication yes
  113. > ChallengeResponseAuthentication yes
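Review bot: `PasswordAuthentication yes` and `ChallengeResponseAuthentication yes` reverse the key-only policy of the replaced file (`PasswordAuthentication no`, `ChallengeResponseAuthentication no`), so every non-root account becomes reachable by password guessing over the network. The explicit `PermitEmptyPasswords no` removed in hunk 41,49c64,70 comes back here only as a comment, and with `UsePAM yes` in hunk 62a90,101 the template's own comment warns that PAM through challenge-response may bypass these settings. Unless password logins are a stated requirement, keep `PasswordAuthentication no` and `ChallengeResponseAuthentication no` and set `PermitEmptyPasswords no` explicitly. If they are required, confine them to a `Match` block for the accounts or source addresses that need them.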
  114. 55,56d81
  115. < #KerberosAuthentication no
  116. < #KerberosGetAFSToken no
  117. 58a84
  118. > #KerberosGetAFSToken no
  119. 61a88
  120. > GSSAPIAuthentication yes
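Review bot: `GSSAPIAuthentication yes` enables an additional authentication method that none of the visible lines of the old file turned on. If this host is not part of a Kerberos realm, the setting only adds pre-authentication negotiation with no benefit, so I would leave it at `GSSAPIAuthentication no` in the base template and enable it from Puppet only for the host classes that use Kerberos. The lines around this one are outside the hunk, so confirm what the old file set before deciding.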
  121. 62a90,101
  122. > GSSAPICleanupCredentials yes
  123. >
  124. > # Set this to 'yes' to enable PAM authentication, account processing,
  125. > # and session processing. If this is enabled, PAM authentication will
  126. > # be allowed through the ChallengeResponseAuthentication mechanism.
  127. > # Depending on your PAM configuration, this may bypass the setting of
  128. > # PasswordAuthentication, PermitEmptyPasswords, and
  129. > # "PermitRootLogin without-password". If you just want the PAM account and
  130. > # session checks to run without PAM authentication, then enable this but set
  131. > # ChallengeResponseAuthentication=no
  132. > #UsePAM no
  133. > UsePAM yes
  134. 63a103,110
  135. > # Accept locale-related environment variables
  136. > AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  137. > AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  138. > AcceptEnv LC_IDENTIFICATION LC_ALL
  139. > #AllowTcpForwarding yes
  140. > AllowTcpForwarding yes
  141. > #GatewayPorts no
  142. > #X11Forwarding no
  143. 65,67c112,117
  144. < X11DisplayOffset 10
  145. < PrintMotd no
  146. < PrintLastLog yes
  147. ---
  148. > #X11DisplayOffset 10
  149. > #X11UseLocalhost yes
  150. > #PrintMotd yes
  151. > PrintMotd yes
  152. > #PrintLastLog yes
  153. > #TCPKeepAlive yes
  154. 69a120,138
  155. > #UsePrivilegeSeparation yes
  156. > #PermitUserEnvironment no
  157. > #Compression delayed
  158. > #ClientAliveInterval 0
  159. > ClientAliveInterval 0
  160. > ClientAliveCountMax 3
  161. > #ShowPatchLevel no
  162. > #UseDNS yes
  163. > UseDNS yes
  164. > #PidFile /var/run/sshd.pid
  165. > #MaxStartups 10:30:100
  166. > #MaxSessions 10
  167. >
  168. > #PermitTunnel no
  169. > #ChrootDirectory none
  170. >
  171. > # no default banner path
  172. > #Banner none
  173. > Banner none
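Review bot: `ClientAliveInterval 0` disables the server's client-alive checks, so the `ClientAliveCountMax 3` set next to it has no effect and unresponsive sessions are only cleaned up by TCP keepalive. If the intent is to drop dead clients, use a non-zero interval, e.g. `ClientAliveInterval 300`; otherwise remove the `ClientAliveCountMax` line so the file does not suggest a timeout exists. `UseDNS yes` is also made explicit here: it adds a reverse lookup to every connection, which delays logins when DNS is slow, and is only needed when `from=` patterns or `Match Host` rules use hostnames.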
  174. 71,76c140
  175. < #MaxStartups 10:30:60
  176. < #Banner /etc/issue.net
  177. <
  178. < # Allow client to pass locale environment variables
  179. < AcceptEnv LANG LC_*
  180. <
  181. ---
  182. > # override default of no subsystems
  183. 79,88d142
  184. < # Set this to 'yes' to enable PAM authentication, account processing,
  185. < # and session processing. If this is enabled, PAM authentication will
  186. < # be allowed through the ChallengeResponseAuthentication and
  187. < # PasswordAuthentication. Depending on your PAM configuration,
  188. < # PAM authentication via ChallengeResponseAuthentication may bypass
  189. < # the setting of "PermitRootLogin without-password".
  190. < # If you just want the PAM account and session checks to run without
  191. < # PAM authentication, then enable this but set PasswordAuthentication
  192. < # and ChallengeResponseAuthentication to 'no'.
  193. < UsePAM yes