SHARE
TWEET

xiay ssh

a guest Feb 6th, 2013 25 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Package generated configuration file
  2. # See the sshd_config(5) manpage for details
  3.  
  4. # What ports, IPs and protocols we listen for
  5. Port 22
  6. # Use these options to restrict which interfaces/protocols sshd will bind to
  7. #ListenAddress ::
  8. #ListenAddress 0.0.0.0
  9. Protocol 2
  10. # HostKeys for protocol version 2
  11. HostKey /etc/ssh/ssh_host_rsa_key
  12. HostKey /etc/ssh/ssh_host_dsa_key
  13. #Privilege Separation is turned on for security
  14. UsePrivilegeSeparation yes
  15.  
  16. # Lifetime and size of ephemeral version 1 server key
  17. KeyRegenerationInterval 3600
  18. ServerKeyBits 768
  19.  
  20. # Logging
  21. SyslogFacility AUTH
  22. LogLevel INFO
  23.  
  24. # Authentication:
  25. LoginGraceTime 120
  26. PermitRootLogin yes
  27. StrictModes yes
  28.  
  29. RSAAuthentication yes
  30. PubkeyAuthentication yes
  31. #AuthorizedKeysFile     %h/.ssh/authorized_keys
  32.  
  33. # Don't read the user's ~/.rhosts and ~/.shosts files
  34. IgnoreRhosts yes
  35. # For this to work you will also need host keys in /etc/ssh_known_hosts
  36. RhostsRSAAuthentication no
  37. # similar for protocol version 2
  38. HostbasedAuthentication no
  39. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  40. #IgnoreUserKnownHosts yes
  41.  
  42. # To enable empty passwords, change to yes (NOT RECOMMENDED)
  43. PermitEmptyPasswords no
  44.  
  45. # Change to yes to enable challenge-response passwords (beware issues with
  46. # some PAM modules and threads)
  47. ChallengeResponseAuthentication no
  48.  
  49. # Change to no to disable tunnelled clear text passwords
  50. #PasswordAuthentication yes
  51.  
  52. # Kerberos options
  53. #KerberosAuthentication no
  54. #KerberosGetAFSToken no
  55. #KerberosOrLocalPasswd yes
  56. #KerberosTicketCleanup yes
  57.  
  58. # GSSAPI options
  59. #GSSAPIAuthentication no
  60. #GSSAPICleanupCredentials yes
  61.  
  62. X11Forwarding yes
  63. X11DisplayOffset 10
  64. PrintMotd no
  65. PrintLastLog yes
  66. TCPKeepAlive yes
  67. #UseLogin no
  68.  
  69. AllowTcpForwarding yes
  70. PermitTunnel yes
  71.  
  72. #MaxStartups 10:30:60
  73. #Banner /etc/issue.net
  74.  
  75. # Allow client to pass locale environment variables
  76. AcceptEnv LANG LC_*
  77.  
  78. Subsystem sftp /usr/lib/openssh/sftp-server
  79.  
  80. # Set this to 'yes' to enable PAM authentication, account processing,
  81. # and session processing. If this is enabled, PAM authentication will
  82. # be allowed through the ChallengeResponseAuthentication and
  83. # PasswordAuthentication.  Depending on your PAM configuration,
  84. # PAM authentication via ChallengeResponseAuthentication may bypass
  85. # the setting of "PermitRootLogin without-password".
  86. # If you just want the PAM account and session checks to run without
  87. # PAM authentication, then enable this but set PasswordAuthentication
  88. # and ChallengeResponseAuthentication to 'no'.
  89. UsePAM yes
  90.  
  91. ClientAliveInterval 5
  92. ClientAliveCountMax 3
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top