API tools faq
paste
Guest User

Untitled

a guest
Mar 23rd, 2018
287
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.02 KB | None | 0 0
raw download clone embed print report
  1. # $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
  2.  
  3. # This is the sshd server system-wide configuration file. See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented. Uncommented options override the
  11. # default value.
  12.  
  13. #Port 22
  14. #AddressFamily any
  15. #ListenAddress 0.0.0.0
  16. #ListenAddress ::
  17.  
  18. #HostKey /etc/ssh/ssh_host_rsa_key
  19. #HostKey /etc/ssh/ssh_host_ecdsa_key
  20. #HostKey /etc/ssh/ssh_host_ed25519_key
  21.  
  22. # Ciphers and keying
  23. #RekeyLimit default none
  24.  
  25. # Logging
  26. #SyslogFacility AUTH
  27. #LogLevel INFO
  28.  
  29. # Authentication:
  30.  
  31. #LoginGraceTime 2m
  32. #PermitRootLogin prohibit-password
  33. #StrictModes yes
  34. #MaxAuthTries 6
  35. #MaxSessions 10
  36.  
  37. #PubkeyAuthentication yes
  38.  
  39. # Expect .ssh/authorized_keys2 to be disregarded by default in future.
  40. #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
  41.  
  42. #AuthorizedPrincipalsFile none
  43.  
  44. #AuthorizedKeysCommand none
  45. #AuthorizedKeysCommandUser nobody
  46.  
  47. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  48. #HostbasedAuthentication no
  49. # Change to yes if you don't trust ~/.ssh/known_hosts for
  50. # HostbasedAuthentication
  51. #IgnoreUserKnownHosts no
  52. # Don't read the user's ~/.rhosts and ~/.shosts files
  53. #IgnoreRhosts yes
  54.  
  55. # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no
  56. #PermitEmptyPasswords no
  57.  
  58. # Change to yes to enable challenge-response passwords (beware issues with
  59. # some PAM modules and threads) ChallengeResponseAuthentication no
  60.  
  61. # Kerberos options
  62. #KerberosAuthentication no
  63. #KerberosOrLocalPasswd yes
  64. #KerberosTicketCleanup yes
  65. #KerberosGetAFSToken no
  66.  
  67. # GSSAPI options
  68. #GSSAPIAuthentication no
  69. #GSSAPICleanupCredentials yes
  70. #GSSAPIStrictAcceptorCheck yes
  71. #GSSAPIKeyExchange no
  72.  
  73. # Set this to 'yes' to enable PAM authentication, account processing,
  74. # and session processing. If this is enabled, PAM authentication will
  75. # be allowed through the ChallengeResponseAuthentication and
  76. # PasswordAuthentication. Depending on your PAM configuration,
  77. # PAM authentication via ChallengeResponseAuthentication may bypass
  78. # the setting of "PermitRootLogin without-password".
  79. # If you just want the PAM account and session checks to run without
  80. # PAM authentication, then enable this but set PasswordAuthentication
  81. # and ChallengeResponseAuthentication to 'no'. UsePAM yes
  82.  
  83. #AllowAgentForwarding yes
  84. #AllowTcpForwarding yes
  85. #GatewayPorts no X11Forwarding yes
  86. #X11DisplayOffset 10
  87. #X11UseLocalhost yes
  88. #PermitTTY yes PrintMotd no
  89. #PrintLastLog yes
  90. #TCPKeepAlive yes
  91. #UseLogin no
  92. #UsePrivilegeSeparation sandbox
  93. #PermitUserEnvironment no
  94. #Compression delayed ClientAliveInterval 0 ClientAliveCountMax 3
  95. #UseDNS no
  96. #PidFile /var/run/sshd.pid
  97. #MaxStartups 10:30:100
  98. #PermitTunnel no
  99. #ChrootDirectory none
  100. #VersionAddendum none
  101.  
  102. # no default banner path
  103. #Banner none
  104.  
  105. # Allow client to pass locale environment variables AcceptEnv LANG LC_*
  106.  
  107. # override default of no subsystems Subsystem sftp /usr/lib/openssh/sftp-server
  108.  
  109. # Example of overriding settings on a per-user basis
  110. #Match User anoncvs
  111. # X11Forwarding no
  112. # AllowTcpForwarding no
  113. # PermitTTY no
  114. # ForceCommand cvs server
  115.  
  116. Match Address 127.0.0.0/8 PasswordAuthentication yes PermitEmptyPasswords yes
  117.  
  118. Match user diskuser ForceCommand internal-sftp ChrootDirectory /mnt/daten
  119.  
  120. Match user diskuser-privat ForceCommand internal-sftp ChrootDirectory /mnt/privat
  121.  
  122. $ /usr/sbin/sshd -p2222 -ddd
  123. --- Beginning stripped for clarity ---
  124. debug3: checking match for 'Address 127.0.0.0/8' user user host 127.0.0.1 addr 127.0.0.1 laddr 127.0.0.1 lport 2222
  125. debug1: connection from 127.0.0.1 matched 'Address 127.0.0.0/8' at line 125
  126. debug3: match found
  127. debug3: reprocess config:126 setting PasswordAuthentication yes
  128. debug3: reprocess config:127 setting PermitEmptyPasswords yes
  129. debug3: checking match for 'user diskuser' user user host 127.0.0.1 addr 127.0.0.1 laddr 127.0.0.1 lport 2222
  130. debug3: match not found
  131. debug3: checking match for 'user diskuser-privat' user user host 127.0.0.1 addr 127.0.0.1 laddr 127.0.0.1 lport 2222
  132. debug3: match not found
  133. debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
  134. debug3: mm_request_send entering: type 9
  135. debug2: monitor_read: 8 used once, disabling now
  136. debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
  137. debug3: mm_request_receive_expect entering: type 9 [preauth]
  138. debug3: mm_request_receive entering [preauth]
  139. debug2: input_userauth_request: setting up authctxt for user [preauth]
  140. debug3: mm_start_pam entering [preauth]
  141. debug3: mm_request_send entering: type 100 [preauth]
  142. debug3: mm_inform_authserv entering [preauth]
  143. debug3: mm_request_send entering: type 4 [preauth]
  144. debug3: mm_request_receive entering
  145. debug3: monitor_read: checking request 100
  146. debug1: PAM: initializing for "user"
  147. debug1: PAM: setting PAM_RHOST to "127.0.0.1"
  148. debug1: PAM: setting PAM_TTY to "ssh"
  149. debug2: monitor_read: 100 used once, disabling now
  150. debug2: input_userauth_request: try method none [preauth]
  151. debug3: mm_auth_password entering [preauth]
  152. debug3: mm_request_send entering: type 12 [preauth]
  153. debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
  154. debug3: mm_request_receive_expect entering: type 13 [preauth]
  155. debug3: mm_request_receive entering [preauth]
  156. debug3: mm_request_receive entering
  157. debug3: monitor_read: checking request 4
  158. debug3: mm_answer_authserv: service=ssh-connection, style=, role=
  159. debug2: monitor_read: 4 used once, disabling now
  160. debug3: mm_request_receive entering
  161. debug3: monitor_read: checking request 12
  162. debug3: PAM: sshpam_passwd_conv called with 1 messages
  163. debug1: PAM: password authentication failed for user: Authentication failure
  164. debug3: mm_answer_authpassword: sending result 0
  165. debug3: mm_request_send entering: type 13
  166. Failed none for user from 127.0.0.1 port 36202 ssh2
  167. debug3: mm_auth_password: user not authenticated [preauth]
  168. debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
  169. debug3: send packet: type 51 [preauth]
  170.  
  171. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: recv_rexec_state: entering fd = 5
  172. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: ssh_msg_recv entering
  173. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: recv_rexec_state: done
  174. Mar 23 11:09:52 manuel-nas sshd[23081]: debug2: parse_server_config: config rexec len 563
  175. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: rexec:56 setting PasswordAuthentication no
  176. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: rexec:61 setting ChallengeResponseAuthentication no
  177. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: rexec:84 setting UsePAM yes
  178. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: rexec:89 setting X11Forwarding yes
  179. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: rexec:93 setting PrintMotd no
  180. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: rexec:100 setting ClientAliveInterval 0
  181. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: rexec:101 setting ClientAliveCountMax 3
  182. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: rexec:113 setting AcceptEnv LANG LC_*
  183. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: rexec:116 setting Subsystem sftpt/usr/lib/openssh/sftp-server
  184. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: checking syntax for 'Match Address 127.0.0.0/8'
  185. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: checking syntax for 'Match user diskuser'
  186. Mar 23 11:09:52 manuel-nas sshd[23081]: debug3: checking syntax for 'Match user diskuser-privat'
  187. Mar 23 11:09:52 manuel-nas sshd[23081]: debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2l 25 May 2017
  188. Mar 23 11:09:52 manuel-nas sshd[23081]: debug1: private host key #0: ssh-rsa SHA256:< removed for confidentiality >
  189. Mar 23 11:09:52 manuel-nas sshd[23081]: debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:< removed for confidentiality >
  190. Mar 23 11:09:52 manuel-nas sshd[23081]: debug1: private host key #2: ssh-ed25519 SHA256:< removed for confidentiality >
  191. Mar 23 11:09:52 manuel-nas sshd[23081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=user
  192.  
  193. $ ssh 127.0.0.1 -p2222
  194. user@127.0.0.1's password:
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!