Advertisement
Guest User

Untitled

a guest
Dec 28th, 2012
168
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.98 KB | None | 0 0
  1. # Package generated configuration file
  2. # See the sshd_config(5) manpage for details
  3.  
  4. # What ports, IPs and protocols we listen for
  5. Port 22
  6. # Use these options to restrict which interfaces/protocols sshd will bind to
  7. #ListenAddress ::
  8. #ListenAddress 0.0.0.0
  9. Protocol 2
  10. # HostKeys for protocol version 2
  11. HostKey /etc/ssh/ssh_host_rsa_key
  12. HostKey /etc/ssh/ssh_host_dsa_key
  13. HostKey /etc/ssh/ssh_host_ecdsa_key
  14. #Privilege Separation is turned on for security
  15. UsePrivilegeSeparation yes
  16.  
  17. # Lifetime and size of ephemeral version 1 server key
  18. KeyRegenerationInterval 3600
  19. ServerKeyBits 768
  20.  
  21. # Logging
  22. SyslogFacility AUTH
  23. LogLevel INFO
  24.  
  25. # Authentication:
  26. LoginGraceTime 120
  27. PermitRootLogin yes
  28. StrictModes yes
  29.  
  30. RSAAuthentication yes
  31. PubkeyAuthentication yes
  32. #AuthorizedKeysFile %h/.ssh/authorized_keys
  33.  
  34. # Don't read the user's ~/.rhosts and ~/.shosts files
  35. IgnoreRhosts yes
  36. # For this to work you will also need host keys in /etc/ssh_known_hosts
  37. RhostsRSAAuthentication no
  38. # similar for protocol version 2
  39. HostbasedAuthentication no
  40. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  41. #IgnoreUserKnownHosts yes
  42.  
  43. # To enable empty passwords, change to yes (NOT RECOMMENDED)
  44. PermitEmptyPasswords no
  45.  
  46. # Change to yes to enable challenge-response passwords (beware issues with
  47. # some PAM modules and threads)
  48. ChallengeResponseAuthentication no
  49.  
  50. # Change to no to disable tunnelled clear text passwords
  51. #PasswordAuthentication yes
  52.  
  53. # Kerberos options
  54. #KerberosAuthentication no
  55. #KerberosGetAFSToken no
  56. #KerberosOrLocalPasswd yes
  57. #KerberosTicketCleanup yes
  58.  
  59. # GSSAPI options
  60. GSSAPIAuthentication yes
  61. #GSSAPICleanupCredentials yes
  62.  
  63. X11Forwarding yes
  64. X11DisplayOffset 10
  65. PrintMotd no
  66. PrintLastLog yes
  67. TCPKeepAlive yes
  68. #UseLogin no
  69.  
  70. #MaxStartups 10:30:60
  71. #Banner /etc/issue.net
  72.  
  73. # Allow client to pass locale environment variables
  74. AcceptEnv LANG LC_*
  75.  
  76. # Subsystem sftp /usr/lib/openssh/sftp-server
  77.  
  78. # Set this to 'yes' to enable PAM authentication, account processing,
  79. # and session processing. If this is enabled, PAM authentication will
  80. # be allowed through the ChallengeResponseAuthentication and
  81. # PasswordAuthentication. Depending on your PAM configuration,
  82. # PAM authentication via ChallengeResponseAuthentication may bypass
  83. # the setting of "PermitRootLogin without-password".
  84. # If you just want the PAM account and session checks to run without
  85. # PAM authentication, then enable this but set PasswordAuthentication
  86. # and ChallengeResponseAuthentication to 'no'.
  87. # UsePAM yes
  88.  
  89. # Subsystem sftp internal-sftp
  90. Subsystem sftp internal-sftp
  91.  
  92. Match user justin
  93. # The following two directives force ben_files to become chrooted
  94. # and only have sftp available. No other chroot setup is required.
  95. ChrootDirectory /var/www/
  96. ForceCommand internal-sftp
  97. # For additional paranoia, disallow all types of port forwardings.
  98. AllowTcpForwarding no
  99. GatewayPorts no
  100. X11Forwarding no
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement