Guest User

Untitled

a guest
Sep 17th, 2013
1,345
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Package generated configuration file
  2. # See the sshd_config(5) manpage for details
  3.  
  4.  
  5. # What ports, IPs and protocols we listen for
  6. Port 22
  7. # Use these options to restrict which interfaces/protocols sshd will bind to
  8. #ListenAddress ::
  9. #ListenAddress 0.0.0.0
  10. Protocol 2
  11. # HostKeys for protocol version 2
  12. HostKey /etc/ssh/ssh_host_rsa_key
  13. HostKey /etc/ssh/ssh_host_dsa_key
  14. HostKey /etc/ssh/ssh_host_ecdsa_key
  15. #Privilege Separation is turned on for security
  16. UsePrivilegeSeparation yes
  17.  
  18.  
  19. # Lifetime and size of ephemeral version 1 server key
  20. KeyRegenerationInterval 3600
  21. ServerKeyBits 768
  22.  
  23.  
  24. # Logging
  25. SyslogFacility AUTH
  26. LogLevel INFO
  27.  
  28.  
  29. # Authentication:
  30. LoginGraceTime 120
  31. PermitRootLogin yes
  32. StrictModes yes
  33.  
  34.  
  35. RSAAuthentication yes
  36. PubkeyAuthentication yes
  37. #AuthorizedKeysFile %h/.ssh/authorized_keys
  38.  
  39.  
  40. # Don't read the user's ~/.rhosts and ~/.shosts files
  41. IgnoreRhosts yes
  42. # For this to work you will also need host keys in /etc/ssh_known_hosts
  43. RhostsRSAAuthentication no
  44. # similar for protocol version 2
  45. HostbasedAuthentication no
  46. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  47. #IgnoreUserKnownHosts yes
  48.  
  49.  
  50. # To enable empty passwords, change to yes (NOT RECOMMENDED)
  51. PermitEmptyPasswords no
  52.  
  53.  
  54. # Change to yes to enable challenge-response passwords (beware issues with
  55. # some PAM modules and threads)
  56. ChallengeResponseAuthentication no
  57.  
  58.  
  59. # Change to no to disable tunnelled clear text passwords
  60. #PasswordAuthentication no
  61.  
  62.  
  63. # Kerberos options
  64. #KerberosAuthentication no
  65. #KerberosGetAFSToken no
  66. #KerberosOrLocalPasswd yes
  67. #KerberosTicketCleanup yes
  68.  
  69.  
  70. # GSSAPI options
  71. #GSSAPIAuthentication no
  72. #GSSAPICleanupCredentials yes
  73.  
  74.  
  75. X11Forwarding yes
  76. X11DisplayOffset 10
  77. PrintMotd no
  78. PrintLastLog yes
  79. TCPKeepAlive yes
  80. #UseLogin no
  81.  
  82.  
  83. #MaxStartups 10:30:60
  84. #Banner /etc/issue.net
  85.  
  86.  
  87. # Allow client to pass locale environment variables
  88. AcceptEnv LANG LC_*
  89.  
  90.  
  91. Subsystem sftp /usr/lib/openssh/sftp-server
  92.  
  93.  
  94. # Set this to 'yes' to enable PAM authentication, account processing,
  95. # and session processing. If this is enabled, PAM authentication will
  96. # be allowed through the ChallengeResponseAuthentication and
  97. # PasswordAuthentication. Depending on your PAM configuration,
  98. # PAM authentication via ChallengeResponseAuthentication may bypass
  99. # the setting of "PermitRootLogin without-password".
  100. # If you just want the PAM account and session checks to run without
  101. # PAM authentication, then enable this but set PasswordAuthentication
  102. # and ChallengeResponseAuthentication to 'no'.
  103. UsePAM no
RAW Paste Data