API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 12th, 2018
180
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.95 KB | None | 0 0
raw download clone embed print report
  1. # $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
  2.  
  3. # This is the sshd server system-wide configuration file. See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/local/bin:/usr/bin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented. Uncommented options override the
  11. # default value.
  12.  
  13. # If you want to change the port on a SELinux system, you have to tell
  14. # SELinux about this change.
  15. # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
  16. #
  17. #Port 22
  18. #AddressFamily any
  19. #ListenAddress 0.0.0.0
  20. #ListenAddress ::
  21.  
  22. HostKey /etc/ssh/ssh_host_rsa_key
  23. #HostKey /etc/ssh/ssh_host_dsa_key
  24. HostKey /etc/ssh/ssh_host_ecdsa_key
  25. HostKey /etc/ssh/ssh_host_ed25519_key
  26.  
  27. # Ciphers and keying
  28. #RekeyLimit default none
  29.  
  30. # Logging
  31. #SyslogFacility AUTH
  32. SyslogFacility AUTHPRIV
  33. #LogLevel INFO
  34.  
  35. # Authentication:
  36.  
  37. #LoginGraceTime 2m
  38. #PermitRootLogin yes
  39. #StrictModes yes
  40. #MaxAuthTries 6
  41. #MaxSessions 10
  42.  
  43. #PubkeyAuthentication yes
  44.  
  45. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  46. # but this is overridden so installations will only check .ssh/authorized_keys
  47. AuthorizedKeysFile .ssh/authorized_keys
  48.  
  49. #AuthorizedPrincipalsFile none
  50.  
  51. #AuthorizedKeysCommand none
  52. #AuthorizedKeysCommandUser nobody
  53.  
  54. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  55. #HostbasedAuthentication no
  56. # Change to yes if you don't trust ~/.ssh/known_hosts for
  57. # HostbasedAuthentication
  58. #IgnoreUserKnownHosts no
  59. # Don't read the user's ~/.rhosts and ~/.shosts files
  60. #IgnoreRhosts yes
  61.  
  62. # To disable tunneled clear text passwords, change to no here!
  63. #PasswordAuthentication yes
  64. #PermitEmptyPasswords no
  65. PasswordAuthentication yes
  66.  
  67. # Change to no to disable s/key passwords
  68. #ChallengeResponseAuthentication yes
  69. ChallengeResponseAuthentication no
  70.  
  71. # Kerberos options
  72. #KerberosAuthentication no
  73. #KerberosOrLocalPasswd yes
  74. #KerberosTicketCleanup yes
  75. #KerberosGetAFSToken no
  76. #KerberosUseKuserok yes
  77.  
  78. # GSSAPI options
  79. GSSAPIAuthentication yes
  80. GSSAPICleanupCredentials no
  81. #GSSAPIStrictAcceptorCheck yes
  82. #GSSAPIKeyExchange no
  83. #GSSAPIEnablek5users no
  84.  
  85. # Set this to 'yes' to enable PAM authentication, account processing,
  86. # and session processing. If this is enabled, PAM authentication will
  87. # be allowed through the ChallengeResponseAuthentication and
  88. # PasswordAuthentication. Depending on your PAM configuration,
  89. # PAM authentication via ChallengeResponseAuthentication may bypass
  90. # the setting of "PermitRootLogin without-password".
  91. # If you just want the PAM account and session checks to run without
  92. # PAM authentication, then enable this but set PasswordAuthentication
  93. # and ChallengeResponseAuthentication to 'no'.
  94. # WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
  95. # problems.
  96. UsePAM yes
  97.  
  98. #AllowAgentForwarding yes
  99. #AllowTcpForwarding yes
  100. #GatewayPorts no
  101. X11Forwarding yes
  102. #X11DisplayOffset 10
  103. #X11UseLocalhost yes
  104. #PermitTTY yes
  105. #PrintMotd yes
  106. #PrintLastLog yes
  107. #TCPKeepAlive yes
  108. #UseLogin no
  109. #UsePrivilegeSeparation sandbox
  110. #PermitUserEnvironment no
  111. #Compression delayed
  112. #ClientAliveInterval 0
  113. #ClientAliveCountMax 3
  114. #ShowPatchLevel no
  115. #UseDNS no
  116. #PidFile /var/run/sshd.pid
  117. #MaxStartups 10:30:100
  118. #PermitTunnel no
  119. #ChrootDirectory none
  120. #VersionAddendum none
  121.  
  122. # no default banner path
  123. #Banner none
  124.  
  125. # Accept locale-related environment variables
  126. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  127. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  128. AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
  129. AcceptEnv XMODIFIERS
  130.  
  131. # override default of no subsystems
  132. Subsystem sftp /usr/libexec/openssh/sftp-server
  133.  
  134. # Example of overriding settings on a per-user basis
  135. #Match User anoncvs
  136. # X11Forwarding no
  137. # AllowTcpForwarding no
  138. # PermitTTY no
  139. # ForceCommand cvs server
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!