API tools faq
paste
Advertisement
ManyolElek

SSH - RHELL

ManyolElek
Apr 26th, 2019
147
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.98 KB | None | 0 0
raw download clone embed print report
  1. # $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
  2.  
  3. # This is the sshd server system-wide configuration file. See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented. Uncommented options override the
  11. # default value.
  12.  
  13. # If you want to change the port on a SELinux system, you have to tell
  14. # SELinux about this change.
  15. # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
  16. #
  17. #Port 22
  18. #AddressFamily any
  19. #ListenAddress 0.0.0.0
  20. #ListenAddress ::
  21.  
  22. HostKey /etc/ssh/ssh_host_rsa_key
  23. #HostKey /etc/ssh/ssh_host_dsa_key
  24. HostKey /etc/ssh/ssh_host_ecdsa_key
  25. HostKey /etc/ssh/ssh_host_ed25519_key
  26.  
  27. # Ciphers and keying
  28. #RekeyLimit default none
  29.  
  30. # Logging
  31. #SyslogFacility AUTH
  32. SyslogFacility AUTHPRIV
  33. #LogLevel INFO
  34.  
  35. # Authentication:
  36.  
  37. #LoginGraceTime 2m
  38. #PermitRootLogin yes
  39. # Only allow root to run commands over ssh, no shell
  40. PermitRootLogin forced-commands-only
  41. #StrictModes yes
  42. #MaxAuthTries 6
  43. #MaxSessions 10
  44.  
  45. #PubkeyAuthentication yes
  46.  
  47. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  48. # but this is overridden so installations will only check .ssh/authorized_keys
  49. AuthorizedKeysFile .ssh/authorized_keys
  50.  
  51. #AuthorizedPrincipalsFile none
  52.  
  53. #AuthorizedKeysCommand none
  54. #AuthorizedKeysCommandUser nobody
  55.  
  56. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  57. #HostbasedAuthentication no
  58. # Change to yes if you don't trust ~/.ssh/known_hosts for
  59. # HostbasedAuthentication
  60. #IgnoreUserKnownHosts no
  61. # Don't read the user's ~/.rhosts and ~/.shosts files
  62. #IgnoreRhosts yes
  63.  
  64. # EC2 uses keys for remote access
  65. PasswordAuthentication yes
  66. #PermitEmptyPasswords no
  67.  
  68. # Change to no to disable s/key passwords
  69. #ChallengeResponseAuthentication yes
  70. ChallengeResponseAuthentication yes
  71.  
  72. # Kerberos options
  73. #KerberosAuthentication no
  74. #KerberosOrLocalPasswd yes
  75. #KerberosTicketCleanup yes
  76. #KerberosGetAFSToken no
  77. #KerberosUseKuserok yes
  78.  
  79. # GSSAPI options
  80. #GSSAPIAuthentication no
  81. #GSSAPICleanupCredentials yes
  82. #GSSAPIStrictAcceptorCheck yes
  83. #GSSAPIKeyExchange no
  84. #GSSAPIEnablek5users no
  85.  
  86. # Set this to 'yes' to enable PAM authentication, account processing,
  87. # and session processing. If this is enabled, PAM authentication will
  88. # be allowed through the ChallengeResponseAuthentication and
  89. # PasswordAuthentication. Depending on your PAM configuration,
  90. # PAM authentication via ChallengeResponseAuthentication may bypass
  91. # the setting of "PermitRootLogin without-password".
  92. # If you just want the PAM account and session checks to run without
  93. # PAM authentication, then enable this but set PasswordAuthentication
  94. # and ChallengeResponseAuthentication to 'no'.
  95. # WARNING: 'UsePAM no' is not supported in Amazon Linux AMI and may cause several
  96. # problems.
  97. UsePAM yes
  98.  
  99. #AllowAgentForwarding yes
  100. #AllowTcpForwarding yes
  101. #GatewayPorts no
  102. X11Forwarding yes
  103. #X11DisplayOffset 10
  104. #X11UseLocalhost yes
  105. #PermitTTY yes
  106. #PrintMotd yes
  107. PrintLastLog yes
  108. #TCPKeepAlive yes
  109. #UseLogin no
  110. UsePrivilegeSeparation sandbox
  111. #PermitUserEnvironment no
  112. #Compression delayed
  113. #ClientAliveInterval 0
  114. #ClientAliveCountMax 3
  115. #ShowPatchLevel no
  116. #UseDNS no
  117. #PidFile /var/run/sshd.pid
  118. #MaxStartups 10:30:100
  119. #PermitTunnel no
  120. #ChrootDirectory none
  121. #VersionAddendum none
  122.  
  123. # no default banner path
  124. #Banner none
  125.  
  126. # Accept locale-related environment variables
  127. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  128. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  129. AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
  130. AcceptEnv XMODIFIERS
  131.  
  132. # override default of no subsystems
  133. Subsystem sftp /usr/libexec/openssh/sftp-server
  134.  
  135. # Example of overriding settings on a per-user basis
  136. #Match User anoncvs
  137. # X11Forwarding no
  138. # AllowTcpForwarding no
  139. # PermitTTY no
  140. # ForceCommand cvs server
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!