daily pastebin goal
36%
SHARE
TWEET

/etc/ssh/sshd_config

s243a Apr 28th, 2018 (edited) 70 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #   $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
  2.  
  3. # This is the sshd server system-wide configuration file.  See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented.  Uncommented options override the
  11. # default value.
  12. #Host *
  13. AllowUsers spot root #added by s243a http://murga-linux.com/puppy/viewtopic.php?p=950757#950757
  14. Port 22 #Uncommented by s243a
  15. AddressFamily inet #Uncommented by s243a (Maybe change to AddressFamily inet)
  16. ListenAddress 0.0.0.0 #Uncommented by s243a 192.168.1.8 #
  17. #ListenAddress :: #Uncommented by s243a
  18.  
  19. # The default requires explicit activation of protocol 1
  20. #Protocol 1
  21. Protocol 1,2
  22.  
  23. # HostKey for protocol version 1
  24. HostKey /etc/ssh/ssh_host_key
  25. # HostKeys for protocol version 2
  26. HostKey /etc/ssh/ssh_host_rsa_key
  27. HostKey /etc/ssh/ssh_host_dsa_key
  28. HostKey /etc/ssh/ssh_host_ecdsa_key
  29. HostKey /etc/ssh/ssh_host_ed25519_key
  30.  
  31. # Lifetime and size of ephemeral version 1 server key
  32. KeyRegenerationInterval 1h
  33. ServerKeyBits 1024
  34.  
  35. # Ciphers and keying
  36. #RekeyLimit default none
  37. #Ciphers blowfish-cbc
  38.  
  39. # Logging
  40. # obsoletes QuietMode and FascistLogging
  41. SyslogFacility AUTHPRIV
  42. #LogLevel INFO
  43. LogLevel VERBOSE #INFO
  44.  
  45. # Authentication:
  46.  
  47. LoginGraceTime 2m
  48. # See /usr/share/doc/openssh-server/README.Debian.gz.
  49. PermitRootLogin yes #Uncommented by s243a http://murga-linux.com/puppy/viewtopic.php?p=950760#950760
  50. #StrictModes yes
  51. #MaxAuthTries 6
  52. #MaxSessions 10
  53.  
  54. RSAAuthentication yes
  55. PubkeyAuthentication yes
  56.  
  57. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  58. # but this is overridden so installations will only check .ssh/authorized_keys
  59. AuthorizedKeysFile  .ssh/authorized_keys
  60.  
  61. #AuthorizedPrincipalsFile none
  62.  
  63. #AuthorizedKeysCommand none
  64. #AuthorizedKeysCommandUser nobody
  65.  
  66. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  67. #RhostsRSAAuthentication no
  68. # similar for protocol version 2
  69. #HostbasedAuthentication no
  70. # Change to yes if you don't trust ~/.ssh/known_hosts for
  71. # RhostsRSAAuthentication and HostbasedAuthentication
  72. #IgnoreUserKnownHosts no
  73. # Don't read the user's ~/.rhosts and ~/.shosts files
  74. #IgnoreRhosts yes
  75.  
  76. # To disable tunneled clear text passwords, change to no here!
  77. #PasswordAuthentication yes
  78. #PermitEmptyPasswords no
  79.  
  80. # Change to no to disable s/key passwords
  81. #ChallengeResponseAuthentication yes
  82.  
  83. # Kerberos options
  84. #KerberosAuthentication no
  85. #KerberosOrLocalPasswd yes
  86. #KerberosTicketCleanup yes
  87. #KerberosGetAFSToken no
  88.  
  89. # GSSAPI options
  90. #GSSAPIAuthentication no
  91. #GSSAPICleanupCredentials yes
  92. #GSSAPIStrictAcceptorCheck yes
  93. #GSSAPIKeyExchange no
  94.  
  95. # Set this to 'yes' to enable PAM authentication, account processing,
  96. # and session processing. If this is enabled, PAM authentication will
  97. # be allowed through the ChallengeResponseAuthentication and
  98. # PasswordAuthentication.  Depending on your PAM configuration,
  99. # PAM authentication via ChallengeResponseAuthentication may bypass
  100. # the setting of "PermitRootLogin without-password".
  101. # If you just want the PAM account and session checks to run without
  102. # PAM authentication, then enable this but set PasswordAuthentication
  103. # and ChallengeResponseAuthentication to 'no'.
  104. #UsePAM no
  105.  
  106. AllowAgentForwarding yes
  107. AllowTcpForwarding yes #Uncommented by s243a http://murga-linux.com/puppy/viewtopic.php?p=950764#950764
  108. GatewayPorts yes
  109. X11Forwarding yes
  110. X11DisplayOffset 10
  111. X11UseLocalhost no
  112. XAuthLocation /usr/bin/xauth  #/usr/bin/X11/xauth  /root/.Xauthority
  113. PermitTTY yes
  114. PrintMotd yes
  115. PrintLastLog yes
  116. TCPKeepAlive yes #uncommented by s243a http://murga-linux.com/puppy/viewtopic.php?p=950764#950764
  117. UseLogin yes
  118. #UsePrivilegeSeparation sandbox     # Default for new installations.
  119. #PermitUserEnvironment no
  120. Compression delayed
  121. #ClientAliveInterval 0
  122. #ClientAliveCountMax 3
  123. #UseDNS yes
  124. PidFile /var/run/sshd.pid
  125. #MaxStartups 10:30:100
  126. PermitTunnel yes
  127. #ChrootDirectory none
  128. #VersionAddendum none
  129.  
  130. # no default banner path
  131. #Banner none
  132.  
  133. # override default of no subsystems
  134. #Subsystem  sftp    /usr/libexec/sftp-server
  135.  
  136. # Example of overriding settings on a per-user basis
  137. #Match User anoncvs
  138. #   X11Forwarding yes
  139. #   AllowTcpForwarding yes
  140. #   PermitTTY no
  141. #   ForceCommand cvs server
  142.  
  143.  #added by s243a http://murga-linux.com/puppy/viewtopic.php?p=950760#950760
RAW Paste Data
Top