API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 24th, 2017
104
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.22 KB | None | 0 0
raw download clone embed print report
  1. # $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
  2.  
  3. # This is the sshd server system-wide configuration file. See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/local/bin:/usr/bin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented. Uncommented options override the
  11. # default value.
  12.  
  13. # If you want to change the port on a SELinux system, you have to tell
  14. # SELinux about this change.
  15. # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
  16. #
  17. #Port 22
  18. #AddressFamily any
  19. #ListenAddress
  20. #ListenAddress ::
  21.  
  22. # The default requires explicit activation of protocol 1
  23. #Protocol 2
  24.  
  25. # HostKey for protocol version 1
  26. #HostKey /etc/ssh/ssh_host_key
  27. # HostKeys for protocol version 2
  28. HostKey /etc/ssh/ssh_host_rsa_key
  29. #HostKey /etc/ssh/ssh_host_dsa_key
  30. #HostKey /etc/ssh/ssh_host_ecdsa_key
  31. #HostKey /etc/ssh/ssh_host_ed25519_key
  32.  
  33. # Lifetime and size of ephemeral version 1 server key
  34. #KeyRegenerationInterval 1h
  35. #ServerKeyBits 1024
  36.  
  37. # Ciphers and keying
  38. #RekeyLimit default none
  39.  
  40. # Logging
  41. # obsoletes QuietMode and FascistLogging
  42. #SyslogFacility AUTH
  43. SyslogFacility AUTHPRIV
  44. #LogLevel INFO
  45.  
  46. # Authentication:
  47.  
  48. #LoginGraceTime 2m
  49. PermitRootLogin no
  50. #StrictModes yes
  51. #MaxAuthTries 6
  52. #MaxSessions 10
  53.  
  54. #RSAAuthentication yes
  55. #PubkeyAuthentication yes
  56.  
  57. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  58. # but this is overridden so installations will only check .ssh/authorized_keys
  59. AuthorizedKeysFile .ssh/authorized_keys
  60.  
  61. #AuthorizedPrincipalsFile none
  62.  
  63. #AuthorizedKeysCommand none
  64. #AuthorizedKeysCommandUser nobody
  65.  
  66. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  67. #RhostsRSAAuthentication no
  68. # similar for protocol version 2
  69. #HostbasedAuthentication no
  70. # Change to yes if you don't trust ~/.ssh/known_hosts for
  71. # RhostsRSAAuthentication and HostbasedAuthentication
  72. #IgnoreUserKnownHosts no
  73. # Don't read the user's ~/.rhosts and ~/.shosts files
  74. #IgnoreRhosts yes
  75.  
  76. # To disable tunneled clear text passwords, change to no here!
  77. #PasswordAuthentication yes
  78. #PermitEmptyPasswords no
  79.  
  80. # Change to no to disable s/key passwords
  81. #ChallengeResponseAuthentication yes
  82. ChallengeResponseAuthentication no
  83.  
  84. # Kerberos options
  85. #KerberosAuthentication no
  86. #KerberosOrLocalPasswd yes
  87. #KerberosTicketCleanup yes
  88. #KerberosGetAFSToken no
  89. #KerberosUseKuserok yes
  90.  
  91. # GSSAPI options
  92. GSSAPIAuthentication yes
  93. GSSAPICleanupCredentials no
  94. #GSSAPIStrictAcceptorCheck yes
  95. #GSSAPIKeyExchange no
  96. #GSSAPIEnablek5users no
  97.  
  98. # Set this to 'yes' to enable PAM authentication, account processing,
  99. # and session processing. If this is enabled, PAM authentication will
  100. # be allowed through the ChallengeResponseAuthentication and
  101. # PasswordAuthentication. Depending on your PAM configuration,
  102. # PAM authentication via ChallengeResponseAuthentication may bypass
  103. # the setting of "PermitRootLogin without-password".
  104. # If you just want the PAM account and session checks to run without
  105. # PAM authentication, then enable this but set PasswordAuthentication
  106. # and ChallengeResponseAuthentication to 'no'.
  107. # WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
  108. # problems.
  109. UsePAM yes
  110.  
  111. #AllowAgentForwarding yes
  112. #AllowTcpForwarding yes
  113. #GatewayPorts no
  114. X11Forwarding yes
  115. #X11DisplayOffset 10
  116. #X11UseLocalhost yes
  117. #PermitTTY yes
  118. #PrintMotd yes
  119. #PrintLastLog yes
  120. #TCPKeepAlive yes
  121. #UseLogin no
  122. UsePrivilegeSeparation sandbox # Default for new installations.
  123. #PermitUserEnvironment no
  124. #Compression delayed
  125. #ClientAliveInterval 0
  126. #ClientAliveCountMax 3
  127. #ShowPatchLevel no
  128. #UseDNS yes
  129. #PidFile /var/run/sshd.pid
  130. #MaxStartups 10:30:100
  131. #PermitTunnel no
  132. #ChrootDirectory none
  133. #VersionAddendum none
  134.  
  135. # no default banner path
  136. #Banner none
  137.  
  138. # Accept locale-related environment variables
  139. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  140. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  141. AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
  142. AcceptEnv XMODIFIERS
  143.  
  144. # override default of no subsystems
  145. Subsystem sftp /usr/libexec/openssh/sftp-server
  146.  
  147. # Example of overriding settings on a per-user basis
  148. #Match User anoncvs
  149. # X11Forwarding no
  150. # AllowTcpForwarding no
  151. # PermitTTY no
  152. # ForceCommand cvs server
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!