anhkiet2507

sshd_config

Feb 15th, 2019
  1. # Package generated configuration file
  2. # See the sshd_config(5) manpage for details
  3.  
  4. # What ports, IPs and protocols we listen for
  5. Port 22
  6. # Use these options to restrict which interfaces/protocols sshd will bind to
  7. #ListenAddress ::
  8. #ListenAddress 0.0.0.0
  9. Protocol 2
  10. # HostKeys for protocol version 2
  11. HostKey /etc/ssh/ssh_host_rsa_key
  12. HostKey /etc/ssh/ssh_host_dsa_key
  13. HostKey /etc/ssh/ssh_host_ecdsa_key
  14. HostKey /etc/ssh/ssh_host_ed25519_key
  15. #Privilege Separation is turned on for security
  16. UsePrivilegeSeparation yes
  17.  
  18. # Lifetime and size of ephemeral version 1 server key
  19. KeyRegenerationInterval 3600
  20. ServerKeyBits 1024
  21.  
  22. # Logging
  23. SyslogFacility AUTH
  24. LogLevel INFO
  25.  
  26. # Authentication:
  27. LoginGraceTime 120
  28. PermitRootLogin prohibit-password
  29. StrictModes yes
  30.  
  31. RSAAuthentication yes
  32. PubkeyAuthentication yes
  33. #AuthorizedKeysFile %h/.ssh/authorized_keys
  34.  
  35. # Don't read the user's ~/.rhosts and ~/.shosts files
  36. IgnoreRhosts yes
  37. # For this to work you will also need host keys in /etc/ssh_known_hosts
  38. RhostsRSAAuthentication no
  39. # similar for protocol version 2
  40. HostbasedAuthentication no
  41. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  42. #IgnoreUserKnownHosts yes
  43.  
  44. # To enable empty passwords, change to yes (NOT RECOMMENDED)
  45. PermitEmptyPasswords no
  46.  
  47. # Change to yes to enable challenge-response passwords (beware issues with
  48. # some PAM modules and threads)
  49. ChallengeResponseAuthentication no
  50.  
  51. # Change to no to disable tunnelled clear text passwords
  52. #PasswordAuthentication yes
  53.  
  54. # Kerberos options
  55. #KerberosAuthentication no
  56. #KerberosGetAFSToken no
  57. #KerberosOrLocalPasswd yes
  58. #KerberosTicketCleanup yes
  59.  
  60. # GSSAPI options
  61. #GSSAPIAuthentication no
  62. #GSSAPICleanupCredentials yes
  63.  
  64. X11Forwarding yes
  65. X11DisplayOffset 10
  66. PrintMotd no
  67. PrintLastLog yes
  68. TCPKeepAlive yes
  69. #UseLogin no
  70.  
  71. #MaxStartups 10:30:60
  72. #Banner /etc/issue.net
  73.  
  74. # Allow client to pass locale environment variables
  75. AcceptEnv LANG LC_*
  76.  
  77. Subsystem sftp /usr/lib/openssh/sftp-server
  78.  
  79. # Set this to 'yes' to enable PAM authentication, account processing,
  80. # and session processing. If this is enabled, PAM authentication will
  81. # be allowed through the ChallengeResponseAuthentication and
  82. # PasswordAuthentication. Depending on your PAM configuration,
  83. # PAM authentication via ChallengeResponseAuthentication may bypass
  84. # the setting of "PermitRootLogin without-password".
  85. # If you just want the PAM account and session checks to run without
  86. # PAM authentication, then enable this but set PasswordAuthentication
  87. # and ChallengeResponseAuthentication to 'no'.
  88. UsePAM yes