Advertisement
Mochinov

Untitled

Jan 30th, 2021
290
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.36 KB | None | 0 0
  1. # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
  2.  
  3. # This is the sshd server system-wide configuration file. See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented. Uncommented options override the
  11. # default value.
  12.  
  13. Include /etc/ssh/sshd_config.d/*.conf
  14.  
  15. #Port 22
  16. #AddressFamily any
  17. #ListenAddress 0.0.0.0
  18. #ListenAddress ::
  19.  
  20. #HostKey /etc/ssh/ssh_host_rsa_key
  21. #HostKey /etc/ssh/ssh_host_ecdsa_key
  22. #HostKey /etc/ssh/ssh_host_ed25519_key
  23.  
  24. # Ciphers and keying
  25. #RekeyLimit default none
  26.  
  27. # Logging
  28. #SyslogFacility AUTH
  29. #LogLevel INFO
  30.  
  31. # Authentication:
  32.  
  33. #LoginGraceTime 2m
  34. #PermitRootLogin prohibit-password
  35. #StrictModes yes
  36. #MaxAuthTries 6
  37. #MaxSessions 10
  38.  
  39. #PubkeyAuthentication yes
  40.  
  41. # Expect .ssh/authorized_keys2 to be disregarded by default in future.
  42. #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
  43.  
  44. #AuthorizedPrincipalsFile none
  45.  
  46. #AuthorizedKeysCommand none
  47. #AuthorizedKeysCommandUser nobody
  48.  
  49. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  50. #HostbasedAuthentication no
  51. # Change to yes if you don't trust ~/.ssh/known_hosts for
  52. # HostbasedAuthentication
  53. #IgnoreUserKnownHosts no
  54. # Don't read the user's ~/.rhosts and ~/.shosts files
  55. #IgnoreRhosts yes
  56.  
  57. # To disable tunneled clear text passwords, change to no here!
  58. PasswordAuthentication yes
  59. #PermitEmptyPasswords no
  60.  
  61. # Change to yes to enable challenge-response passwords (beware issues with
  62. # some PAM modules and threads)
  63. ChallengeResponseAuthentication no
  64.  
  65. # Kerberos options
  66. #KerberosAuthentication no
  67. #KerberosOrLocalPasswd yes
  68. #KerberosTicketCleanup yes
  69. #KerberosGetAFSToken no
  70.  
  71. # GSSAPI options
  72. #GSSAPIAuthentication no
  73. #GSSAPICleanupCredentials yes
  74. #GSSAPIStrictAcceptorCheck yes
  75. #GSSAPIKeyExchange no
  76.  
  77. # Set this to 'yes' to enable PAM authentication, account processing,
  78. # and session processing. If this is enabled, PAM authentication will
  79. # be allowed through the ChallengeResponseAuthentication and
  80. # PasswordAuthentication. Depending on your PAM configuration,
  81. # PAM authentication via ChallengeResponseAuthentication may bypass
  82. # the setting of "PermitRootLogin without-password".
  83. # If you just want the PAM account and session checks to run without
  84. # PAM authentication, then enable this but set PasswordAuthentication
  85. # and ChallengeResponseAuthentication to 'no'.
  86. UsePAM yes
  87.  
  88. #AllowAgentForwarding yes
  89. #AllowTcpForwarding yes
  90. #GatewayPorts no
  91. X11Forwarding yes
  92. #X11DisplayOffset 10
  93. #X11UseLocalhost yes
  94. #PermitTTY yes
  95. PrintMotd no
  96. #PrintLastLog yes
  97. #TCPKeepAlive yes
  98. #PermitUserEnvironment no
  99. #Compression delayed
  100. #ClientAliveInterval 0
  101. #ClientAliveCountMax 3
  102. #UseDNS no
  103. #PidFile /var/run/sshd.pid
  104. #MaxStartups 10:30:100
  105. #PermitTunnel no
  106. #ChrootDirectory none
  107. #VersionAddendum none
  108.  
  109. # no default banner path
  110. #Banner none
  111.  
  112. # Allow client to pass locale environment variables
  113. AcceptEnv LANG LC_*
  114.  
  115. # override default of no subsystems
  116. Subsystem sftp /usr/lib/openssh/sftp-server
  117.  
  118. # Example of overriding settings on a per-user basis
  119. #Match User anoncvs
  120. # X11Forwarding no
  121. # AllowTcpForwarding no
  122. # PermitTTY no
  123. # ForceCommand cvs server
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement