API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 26th, 2012
32
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.59 KB | None | 0 0
raw download clone embed print report
  1. # Package generated configuration file
  2. # See the sshd_config(5) manpage for details
  3.  
  4. # What ports, IPs and protocols we listen for
  5. # Use these options to restrict which interfaces/protocols sshd will bind to
  6. #ListenAddress ::
  7. #ListenAddress 0.0.0.0
  8. Protocol 2
  9. # HostKeys for protocol version 2
  10. HostKey /etc/ssh/publicSSHkeys/authorized_keys
  11. HostKey /etc/ssh/publicSSHkeys/authorized_keys
  12. HostKey /etc/ssh/publicSSHkeys/authorized_keys
  13. UsePAM yes
  14. AllowUsers cc
  15. GatewayPorts no
  16. KeepAlive yes
  17. IgnoreUserKnownHosts yes
  18. PasswordAuthentication yes
  19. AuthorizedKeysFile /etc/ssh/publicSSHkeys/authorized_keys
  20. Port 44444
  21. #Privilege Separation is turned on for security
  22. UsePrivilegeSeparation yes
  23. AllowTcpForwarding yes
  24.  
  25. # Lifetime and size of ephemeral version 1 server key
  26. KeyRegenerationInterval 3600
  27.  
  28.  
  29.  
  30. # Logging
  31. SyslogFacility AUTH
  32. LogLevel INFO
  33.  
  34. # Authentication:
  35. LoginGraceTime 120
  36. PermitRootLogin no
  37. StrictModes yes
  38.  
  39. RSAAuthentication no
  40. PubkeyAuthentication no
  41.  
  42. # Don't read the user's ~/.rhosts and ~/.shosts files
  43. IgnoreRhosts yes
  44. # For this to work you will also need host keys in /etc/ssh_known_hosts
  45. RhostsRSAAuthentication no
  46. # similar for protocol version 2
  47. HostbasedAuthentication no
  48. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  49. #IgnoreUserKnownHosts yes
  50.  
  51. # To enable empty passwords, change to yes (NOT RECOMMENDED)
  52. PermitEmptyPasswords yes
  53.  
  54. # Change to yes to enable challenge-response passwords (beware issues with
  55. # some PAM modules and threads)
  56. ChallengeResponseAuthentication yes
  57.  
  58. # Kerberos options
  59. #KerberosAuthentication no
  60. #KerberosGetAFSToken no
  61. #KerberosOrLocalPasswd yes
  62. #KerberosTicketCleanup yes
  63.  
  64. # GSSAPI options
  65. #GSSAPIAuthentication no
  66. #GSSAPICleanupCredentials yes
  67.  
  68. X11Forwarding yes
  69. X11DisplayOffset 10
  70. PrintMotd yes
  71. PrintLastLog yes
  72. TCPKeepAlive yes
  73. #UseLogin no
  74.  
  75. #MaxStartups 10:30:60
  76. #Banner /etc/issue.net
  77.  
  78. # Allow client to pass locale environment variables
  79. AcceptEnv LANG LC_*
  80.  
  81. Subsystem sftp /usr/lib/openssh/sftp-server
  82.  
  83. # Set this to 'yes' to enable PAM authentication, account processing,
  84. # and session processing. If this is enabled, PAM authentication will
  85. # be allowed through the ChallengeResponseAuthentication and
  86. # PasswordAuthentication. Depending on your PAM configuration,
  87. # PAM authentication via ChallengeResponseAuthentication may bypass
  88. # the setting of "PermitRootLogin without-password".
  89. # If you just want the PAM account and session checks to run without
  90. # PAM authentication, then enable this but set PasswordAuthentication
  91. # and ChallengeResponseAuthentication to 'no'.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!