API tools faq
paste
Advertisement
adathor

sshd_conf

adathor
Jan 14th, 2018
286
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 4.18 KB | None | 0 0
raw download clone embed print report
  1. #   $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
  2.  
  3. # This is the sshd server system-wide configuration file.  See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented.  Uncommented options override the
  11. # default value.
  12.  
  13. #Port 22
  14. #AddressFamily any
  15. #ListenAddress 0.0.0.0
  16. #ListenAddress ::
  17.  
  18. # The default requires explicit activation of protocol 1
  19. #Protocol 2
  20.  
  21. # HostKey for protocol version 1
  22. #HostKey /etc/ssh/ssh_host_key
  23. # HostKeys for protocol version 2
  24. #HostKey /etc/ssh/ssh_host_rsa_key
  25. #HostKey /etc/ssh/ssh_host_dsa_key
  26. #HostKey /etc/ssh/ssh_host_ecdsa_key
  27. #HostKey /etc/ssh/ssh_host_ed25519_key
  28.  
  29. # Minimum accepted size of the DH parameter p. By default this is set to 1024
  30. # to maintain compatibility with RFC4419, but should be set higher.
  31. # Upstream default is identical to setting this to 2048.
  32. #KexDHMin 1024
  33.  
  34. # Lifetime and size of ephemeral version 1 server key
  35. #KeyRegenerationInterval 1h
  36. #ServerKeyBits 1024
  37.  
  38. # Ciphers and keying
  39. #RekeyLimit default none
  40.  
  41. # Logging
  42. # obsoletes QuietMode and FascistLogging
  43. #SyslogFacility AUTH
  44. #LogLevel INFO
  45.  
  46. # Authentication:
  47.  
  48. #LoginGraceTime 2m
  49. #PermitRootLogin yes
  50. #StrictModes yes
  51. #MaxAuthTries 6
  52. #MaxSessions 10
  53.  
  54. #RSAAuthentication yes
  55. #PubkeyAuthentication yes
  56.  
  57. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  58. # but this is overridden so installations will only check .ssh/authorized_keys
  59. AuthorizedKeysFile  .ssh/authorized_keys
  60.  
  61. #AuthorizedPrincipalsFile none
  62.  
  63. #AuthorizedKeysCommand none
  64. #AuthorizedKeysCommandUser nobody
  65.  
  66. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  67. #RhostsRSAAuthentication no
  68. # similar for protocol version 2
  69. #HostbasedAuthentication no
  70. # Change to yes if you don't trust ~/.ssh/known_hosts for
  71. # RhostsRSAAuthentication and HostbasedAuthentication
  72. #IgnoreUserKnownHosts no
  73. # Don't read the user's ~/.rhosts and ~/.shosts files
  74. #IgnoreRhosts yes
  75.  
  76. # To disable tunneled clear text passwords, change to no here!
  77. PasswordAuthentication no
  78. #PermitEmptyPasswords no
  79.  
  80. # Change to no to disable s/key passwords
  81. #ChallengeResponseAuthentication yes
  82.  
  83. # Kerberos options
  84. #KerberosAuthentication no
  85. #KerberosOrLocalPasswd yes
  86. #KerberosTicketCleanup yes
  87. #KerberosGetAFSToken no
  88.  
  89. # GSSAPI options
  90. #GSSAPIAuthentication no
  91. #GSSAPICleanupCredentials yes
  92. #GSSAPIStrictAcceptorCheck yes
  93. #GSSAPIKeyExchange no
  94.  
  95. # Set this to 'yes' to enable PAM authentication, account processing,
  96. # and session processing. If this is enabled, PAM authentication will
  97. # be allowed through the ChallengeResponseAuthentication and
  98. # PasswordAuthentication.  Depending on your PAM configuration,
  99. # PAM authentication via ChallengeResponseAuthentication may bypass
  100. # the setting of "PermitRootLogin without-password".
  101. # If you just want the PAM account and session checks to run without
  102. # PAM authentication, then enable this but set PasswordAuthentication
  103. # and ChallengeResponseAuthentication to 'no'.
  104. UsePAM yes
  105.  
  106. #AllowAgentForwarding yes
  107. AllowTcpForwarding yes
  108. GatewayPorts no
  109. X11Forwarding yes
  110. #X11DisplayOffset 10
  111. #X11UseLocalhost yes
  112. #PermitTTY yes
  113. #PrintMotd yes
  114. #PrintLastLog yes
  115. TCPKeepAlive yes
  116. #UseLogin no
  117. #UsePrivilegeSeparation sandbox
  118. #PermitUserEnvironment no
  119. #Compression delayed
  120. #ClientAliveInterval 0
  121. #ClientAliveCountMax 3
  122. UseDNS no
  123. #PidFile /run/sshd.pid
  124. #MaxStartups 10:30:100
  125. #PermitTunnel no
  126. #ChrootDirectory none
  127. #VersionAddendum none
  128.  
  129. # no default banner path
  130. #Banner none
  131.  
  132. # override default of no subsystems
  133. Subsystem   sftp    /usr/lib/ssh/sftp-server
  134.  
  135. # This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
  136. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  137. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  138. AcceptEnv LC_IDENTIFICATION LC_ALL
  139.  
  140. # Example of overriding settings on a per-user basis
  141. #Match User anoncvs
  142. #   X11Forwarding no
  143. #   AllowTcpForwarding no
  144. #   PermitTTY no
  145. #   ForceCommand cvs server
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!