daily pastebin goal
57%
SHARE
TWEET

/etc/ssh/sshd_config

s243a Apr 28th, 2018 (edited) 77 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #   $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
  2.  
  3. # This is the sshd server system-wide configuration file.  See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented.  Uncommented options override the
  11. # default value.
  12. #Host *
  13. AllowUsers spot root #added by s243a http://murga-linux.com/puppy/viewtopic.php?p=950757#950757
  14. Port 22 #Uncommented by s243a
  15. AddressFamily inet #Uncommented by s243a (Maybe change to AddressFamily inet)
  16. ListenAddress 0.0.0.0 #Uncommented by s243a 192.168.1.8 #
  17. #ListenAddress :: #Uncommented by s243a
  18.  
  19. # The default requires explicit activation of protocol 1
  20. #Protocol 1
  21. Protocol 1,2
  22.  
  23. # HostKey for protocol version 1
  24. HostKey /etc/ssh/ssh_host_key
  25. # HostKeys for protocol version 2
  26. HostKey /etc/ssh/ssh_host_rsa_key
  27. HostKey /etc/ssh/ssh_host_dsa_key
  28. HostKey /etc/ssh/ssh_host_ecdsa_key
  29. HostKey /etc/ssh/ssh_host_ed25519_key
  30.  
  31. # Lifetime and size of ephemeral version 1 server key
  32. KeyRegenerationInterval 1h
  33. ServerKeyBits 1024
  34.  
  35. # Ciphers and keying
  36. #RekeyLimit default none
  37. #Ciphers blowfish-cbc
  38.  
  39. # Logging
  40. # obsoletes QuietMode and FascistLogging
  41. SyslogFacility AUTHPRIV
  42. #LogLevel INFO
  43. LogLevel VERBOSE #INFO
  44.  
  45. # Authentication:
  46.  
  47. LoginGraceTime 2m
  48. # See /usr/share/doc/openssh-server/README.Debian.gz.
  49. PermitRootLogin yes #Uncommented by s243a http://murga-linux.com/puppy/viewtopic.php?p=950760#950760
  50. #StrictModes yes
  51. #MaxAuthTries 6
  52. #MaxSessions 10
  53.  
  54. RSAAuthentication yes
  55. PubkeyAuthentication yes
  56.  
  57. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  58. # but this is overridden so installations will only check .ssh/authorized_keys
  59. AuthorizedKeysFile  .ssh/authorized_keys
  60.  
  61. #AuthorizedPrincipalsFile none
  62.  
  63. #AuthorizedKeysCommand none
  64. #AuthorizedKeysCommandUser nobody
  65.  
  66. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  67. #RhostsRSAAuthentication no
  68. # similar for protocol version 2
  69. #HostbasedAuthentication no
  70. # Change to yes if you don't trust ~/.ssh/known_hosts for
  71. # RhostsRSAAuthentication and HostbasedAuthentication
  72. #IgnoreUserKnownHosts no
  73. # Don't read the user's ~/.rhosts and ~/.shosts files
  74. #IgnoreRhosts yes
  75.  
  76. # To disable tunneled clear text passwords, change to no here!
  77. #PasswordAuthentication yes
  78. #PermitEmptyPasswords no
  79.  
  80. # Change to no to disable s/key passwords
  81. #ChallengeResponseAuthentication yes
  82.  
  83. # Kerberos options
  84. #KerberosAuthentication no
  85. #KerberosOrLocalPasswd yes
  86. #KerberosTicketCleanup yes
  87. #KerberosGetAFSToken no
  88.  
  89. # GSSAPI options
  90. #GSSAPIAuthentication no
  91. #GSSAPICleanupCredentials yes
  92. #GSSAPIStrictAcceptorCheck yes
  93. #GSSAPIKeyExchange no
  94.  
  95. # Set this to 'yes' to enable PAM authentication, account processing,
  96. # and session processing. If this is enabled, PAM authentication will
  97. # be allowed through the ChallengeResponseAuthentication and
  98. # PasswordAuthentication.  Depending on your PAM configuration,
  99. # PAM authentication via ChallengeResponseAuthentication may bypass
  100. # the setting of "PermitRootLogin without-password".
  101. # If you just want the PAM account and session checks to run without
  102. # PAM authentication, then enable this but set PasswordAuthentication
  103. # and ChallengeResponseAuthentication to 'no'.
  104. #UsePAM no
  105.  
  106. AllowAgentForwarding yes
  107. AllowTcpForwarding yes #Uncommented by s243a http://murga-linux.com/puppy/viewtopic.php?p=950764#950764
  108. GatewayPorts yes
  109. X11Forwarding yes
  110. X11DisplayOffset 10
  111. X11UseLocalhost no
  112. XAuthLocation /usr/bin/xauth  #/usr/bin/X11/xauth  /root/.Xauthority
  113. PermitTTY yes
  114. PrintMotd yes
  115. PrintLastLog yes
  116. TCPKeepAlive yes #uncommented by s243a http://murga-linux.com/puppy/viewtopic.php?p=950764#950764
  117. UseLogin yes
  118. #UsePrivilegeSeparation sandbox     # Default for new installations.
  119. #PermitUserEnvironment no
  120. Compression delayed
  121. #ClientAliveInterval 0
  122. #ClientAliveCountMax 3
  123. #UseDNS yes
  124. PidFile /var/run/sshd.pid
  125. #MaxStartups 10:30:100
  126. PermitTunnel yes
  127. #ChrootDirectory none
  128. #VersionAddendum none
  129.  
  130. # no default banner path
  131. #Banner none
  132.  
  133. # override default of no subsystems
  134. #Subsystem  sftp    /usr/libexec/sftp-server
  135.  
  136. # Example of overriding settings on a per-user basis
  137. #Match User anoncvs
  138. #   X11Forwarding yes
  139. #   AllowTcpForwarding yes
  140. #   PermitTTY no
  141. #   ForceCommand cvs server
  142.  
  143.  #added by s243a http://murga-linux.com/puppy/viewtopic.php?p=950760#950760
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top