SHARE
TWEET

Untitled

a guest Aug 22nd, 2019 74 in 3 days
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #      $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
  2.  
  3. # This is the sshd server system-wide configuration file.  See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented.  Uncommented options override the
  11. # default value.
  12.  
  13. #Port 22
  14. #AddressFamily any
  15. #ListenAddress 0.0.0.0
  16. #ListenAddress ::
  17.  
  18. #HostKey /etc/ssh/ssh_host_rsa_key
  19. #HostKey /etc/ssh/ssh_host_ecdsa_key
  20. #HostKey /etc/ssh/ssh_host_ed25519_key
  21.  
  22. # Ciphers and keying
  23. #RekeyLimit default none
  24.  
  25. # Logging
  26. #SyslogFacility AUTH
  27. #LogLevel INFO
  28.  
  29. # Authentication:
  30.  
  31. #LoginGraceTime 2m
  32. PermitRootLogin no
  33. #StrictModes yes
  34. #MaxAuthTries 6
  35. #MaxSessions 10
  36.  
  37. #PubkeyAuthentication yes
  38.  
  39. # Expect .ssh/authorized_keys2 to be disregarded by default in future.
  40. #AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2
  41.  
  42. #AuthorizedPrincipalsFile none
  43.  
  44. #AuthorizedKeysCommand none
  45. #AuthorizedKeysCommandUser nobody
  46.  
  47. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  48. #HostbasedAuthentication no
  49. # Change to yes if you don't trust ~/.ssh/known_hosts for
  50. # HostbasedAuthentication
  51. #IgnoreUserKnownHosts no
  52. # Don't read the user's ~/.rhosts and ~/.shosts files
  53. #IgnoreRhosts yes
  54.  
  55. # To disable tunneled clear text passwords, change to no here!
  56. #PasswordAuthentication yes
  57. #PermitEmptyPasswords no
  58.  
  59. # Change to yes to enable challenge-response passwords (beware issues with
  60. # some PAM modules and threads)
  61. ChallengeResponseAuthentication no
  62.  
  63. # Kerberos options
  64. #KerberosAuthentication no
  65. #KerberosOrLocalPasswd yes
  66. #KerberosTicketCleanup yes
  67. #KerberosGetAFSToken no
  68.  
  69. # GSSAPI options
  70. #GSSAPIAuthentication no
  71. #GSSAPICleanupCredentials yes
  72. #GSSAPIStrictAcceptorCheck yes
  73. #GSSAPIKeyExchange no
  74.  
  75. # Set this to 'yes' to enable PAM authentication, account processing,
  76. # and session processing. If this is enabled, PAM authentication will
  77. # be allowed through the ChallengeResponseAuthentication and
  78. # PasswordAuthentication.  Depending on your PAM configuration,
  79. # PAM authentication via ChallengeResponseAuthentication may bypass
  80. # the setting of "PermitRootLogin yes
  81. # If you just want the PAM account and session checks to run without
  82. # PAM authentication, then enable this but set PasswordAuthentication
  83. # and ChallengeResponseAuthentication to 'no'.
  84. UsePAM yes
  85.  
  86. #AllowAgentForwarding yes
  87. #AllowTcpForwarding yes
  88. #GatewayPorts no
  89. X11Forwarding no
  90. #X11DisplayOffset 10
  91. #X11UseLocalhost yes
  92. #PermitTTY yes
  93. PrintMotd no
  94. #PrintLastLog yes
  95. #TCPKeepAlive yes
  96. #UseLogin no
  97. #UsePrivilegeSeparation sandbox
  98. #PermitUserEnvironment no
  99. #Compression delayed
  100. #ClientAliveInterval 0
  101. #ClientAliveCountMax 3
  102. #UseDNS no
  103. #PidFile /var/run/sshd.pid
  104. #MaxStartups 10:30:100
  105. #PermitTunnel no
  106. #ChrootDirectory none
  107. #VersionAddendum none
  108.  
  109. # no default banner path
  110. #Banner none
  111.  
  112. # Allow client to pass locale environment variables
  113. AcceptEnv LANG LC_*
  114.  
  115. # override default of no subsystems
  116. Subsystem sftp  /usr/lib/openssh/sftp-server
  117.  
  118. # Example of overriding settings on a per-user basis
  119. #Match User anoncvs
  120. #       X11Forwarding no
  121. #       AllowTcpForwarding no
  122. #       PermitTTY no
  123. #       ForceCommand cvs server
  124.  
  125. ClientAliveInterval 120
  126. PasswordAuthentication yes
  127.  
  128. AllowUsers nkoli LoLll
  129. IgnoreRhosts yes
  130. MaxAuthTries 3
  131. IgnoreUserKnownHosts no
  132. StrictModes yes
  133. PubkeyAuthentication yes
  134. RSAAuthentication yes
  135. PermitEmptyPasswords no
  136. UsePrivilegeSeparation yes
  137. Port 22
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top