API tools faq
paste
Guest User

sshd_config dsm 6 beta 2

a guest
Jan 22nd, 2016
356
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.69 KB | None | 0 0
raw download clone embed print report
  1. Ciphers aes128-ctr,[email protected],aes192-ctr,aes256-ctr,[email protected],[email protected]
  2. KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
  3. MACs hmac-sha1,[email protected],hmac-sha2-256,[email protected],hmac-sha2-512,[email protected],[email protected],[email protected],[email protected],[email protected]
  4. # $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
  5.  
  6. # This is the sshd server system-wide configuration file. See
  7. # sshd_config(5) for more information.
  8.  
  9. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  10.  
  11. # The strategy used for options in the default sshd_config shipped with
  12. # OpenSSH is to specify options with their default value where
  13. # possible, but leave them commented. Uncommented options override the
  14. # default value.
  15.  
  16. #Port 22
  17. #AddressFamily any
  18. #ListenAddress 0.0.0.0
  19. #ListenAddress ::
  20.  
  21. # The default requires explicit activation of protocol 1
  22. #Protocol 2
  23.  
  24. # HostKey for protocol version 1
  25. #HostKey /etc/ssh/ssh_host_key
  26. # HostKeys for protocol version 2
  27. #HostKey /etc/ssh/ssh_host_rsa_key
  28. #HostKey /etc/ssh/ssh_host_dsa_key
  29. #HostKey /etc/ssh/ssh_host_ecdsa_key
  30. #HostKey /etc/ssh/ssh_host_ed25519_key
  31.  
  32. # Lifetime and size of ephemeral version 1 server key
  33. #KeyRegenerationInterval 1h
  34. #ServerKeyBits 1024
  35.  
  36. # Ciphers and keying
  37. #RekeyLimit default none
  38.  
  39. # Logging
  40. # obsoletes QuietMode and FascistLogging
  41. #SyslogFacility AUTH
  42. #LogLevel INFO
  43.  
  44. # Authentication:
  45.  
  46. #LoginGraceTime 2m
  47. #PermitRootLogin yes
  48. #StrictModes yes
  49. #MaxAuthTries 6
  50. #MaxSessions 10
  51.  
  52. #RSAAuthentication yes
  53. #PubkeyAuthentication yes
  54.  
  55. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  56. # but this is overridden so installations will only check .ssh/authorized_keys
  57. #AuthorizedKeysFile .ssh/authorized_keys
  58.  
  59. #AuthorizedPrincipalsFile none
  60.  
  61. #AuthorizedKeysCommand none
  62. #AuthorizedKeysCommandUser nobody
  63.  
  64. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  65. #RhostsRSAAuthentication no
  66. # similar for protocol version 2
  67. #HostbasedAuthentication no
  68. # Change to yes if you don't trust ~/.ssh/known_hosts for
  69. # RhostsRSAAuthentication and HostbasedAuthentication
  70. #IgnoreUserKnownHosts no
  71. # Don't read the user's ~/.rhosts and ~/.shosts files
  72. #IgnoreRhosts yes
  73.  
  74. # To disable tunneled clear text passwords, change to no here!
  75. #PasswordAuthentication yes
  76. #PermitEmptyPasswords no
  77.  
  78. # Change to no to disable s/key passwords
  79. ChallengeResponseAuthentication no
  80.  
  81. # Kerberos options
  82. #KerberosAuthentication no
  83. #KerberosOrLocalPasswd yes
  84. #KerberosTicketCleanup yes
  85. #KerberosGetAFSToken no
  86.  
  87. # GSSAPI options
  88. #GSSAPIAuthentication no
  89. #GSSAPICleanupCredentials yes
  90.  
  91. # Set this to 'yes' to enable PAM authentication, account processing,
  92. # and session processing. If this is enabled, PAM authentication will
  93. # be allowed through the ChallengeResponseAuthentication and
  94. # PasswordAuthentication. Depending on your PAM configuration,
  95. # PAM authentication via ChallengeResponseAuthentication may bypass
  96. # the setting of "PermitRootLogin without-password".
  97. # If you just want the PAM account and session checks to run without
  98. # PAM authentication, then enable this but set PasswordAuthentication
  99. # and ChallengeResponseAuthentication to 'no'.
  100. UsePAM yes
  101.  
  102. #AllowAgentForwarding yes
  103. AllowTcpForwarding no
  104. #GatewayPorts no
  105. #X11Forwarding no
  106. #X11DisplayOffset 10
  107. #X11UseLocalhost yes
  108. #PermitTTY yes
  109. #PrintMotd yes
  110. #PrintLastLog yes
  111. #TCPKeepAlive yes
  112. #UseLogin no
  113. UsePrivilegeSeparation sandbox # Default for new installations.
  114. #PermitUserEnvironment no
  115. #Compression delayed
  116. #ClientAliveInterval 0
  117. #ClientAliveCountMax 3
  118. UseDNS no
  119. #PidFile /var/run/sshd.pid
  120. #MaxStartups 10:30:100
  121. #PermitTunnel no
  122. ChrootDirectory none
  123. #VersionAddendum none
  124.  
  125. # no default banner path
  126. #Banner none
  127.  
  128. # override default of no subsystems
  129. #Subsystem sftp /usr/libexec/sftp-server
  130. Subsystem sftp internal-sftp -f DAEMON -u 000
  131.  
  132. # the following are HPN related configuration options
  133. # tcp receive buffer polling. disable in non autotuning kernels
  134. #TcpRcvBufPoll yes
  135.  
  136. # disable hpn performance boosts
  137. #HPNDisabled no
  138.  
  139. # buffer size for hpn to non-hpn connections
  140. #HPNBufferSize 2048
  141.  
  142.  
  143. # allow the use of the none cipher
  144. #NoneEnabled no
  145.  
  146. # Example of overriding settings on a per-user basis
  147. #Match User anoncvs
  148. # X11Forwarding no
  149. # AllowTcpForwarding no
  150. # PermitTTY no
  151. # ForceCommand cvs server
  152. Match User root
  153. AllowTcpForwarding yes
  154. Match User admin
  155. AllowTcpForwarding yes
  156. Match User anonymous
  157. AllowTcpForwarding no
  158. GatewayPorts no
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!