mech_coder

ssh_config

Aug 20th, 2015
  1. # Package generated configuration file
  2. # See the sshd_config(5) manpage for details
      # NOTE(review): summary of what this file sets: sshd listens on port 9090,
      # protocol 2 only, with password and challenge-response logins disabled.
      # Public-key and host-based authentication are enabled, root login is
      # permitted, and forwarding (GatewayPorts, X11) is switched on.
  3.  
  4. # What ports, IPs and protocols we listen for
  5. Port 9090
  6. # Use these options to restrict which interfaces/protocols sshd will bind to
  7. #ListenAddress ::
  8. #ListenAddress 0.0.0.0
  9. Protocol 2
  10. # HostKeys for protocol version 2
      # NOTE(review): every HostKey line below is commented out, so sshd falls
      # back to its built-in default host key paths; confirm which key types
      # the installed version actually loads.
  11. #HostKey /etc/ssh/ssh_host_rsa_key
  12. #HostKey /etc/ssh/ssh_host_dsa_key
  13. #HostKey /etc/ssh/ssh_host_ecdsa_key
  14. #HostKey /etc/ssh/ssh_host_ed25519_key
  15. #Privilege Separation is turned on for security
  16. UsePrivilegeSeparation yes
  17.  
  18. # Lifetime and size of ephemeral version 1 server key
      # NOTE(review): both options apply to protocol version 1 only. With
      # "Protocol 2" set above they do not strengthen any session; the 4096
      # here is not a key size used by protocol 2 connections.
  19. KeyRegenerationInterval 3600
  20. ServerKeyBits 4096
  21.  
  22. # Logging
      # NOTE(review): LogLevel VERBOSE additionally records the fingerprint of
      # the key used for each login, which helps when auditing key-based access.
  23. SyslogFacility AUTH
  24. LogLevel INFO
  25.  
  26. # Authentication:
  27. #LoginGraceTime 120
      # NOTE(review): "yes" lets root log in directly with any enabled method
      # (here: public key and host-based). Prefer "no" with a named admin
      # account, or "without-password" if root key login is really required.
  28. PermitRootLogin yes
      # StrictModes makes sshd refuse keys when the home directory, ~/.ssh or
      # authorized_keys are writable by others (see the chmod note further down).
  29. StrictModes yes
  30.  
      # NOTE(review): RSAAuthentication is a protocol version 1 option and has
      # no effect under "Protocol 2"; PubkeyAuthentication is the one in use.
  31. RSAAuthentication yes
  32. PubkeyAuthentication yes
  33. AuthorizedKeysFile %h/.ssh/authorized_keys
  34.  
  35. # Don't read the user's ~/.rhosts and ~/.shosts files
      # NOTE(review): left commented, IgnoreRhosts keeps its default of "yes",
      # so per-user .rhosts/.shosts are ignored. /etc/hosts.equiv and
      # /etc/ssh/shosts.equiv are still consulted while host-based
      # authentication is enabled below.
  36. #IgnoreRhosts yes
  37. # For this to work you will also need host keys in /etc/ssh_known_hosts
      # NOTE(review): protocol version 1 only; no effect with "Protocol 2".
      # The stock value is "no" and there is no reason to enable it here.
  38. RhostsRSAAuthentication yes
  39. # similar for protocol version 2
      # NOTE(review): this one IS active. Host-based authentication accepts the
      # client host's statement of who the user is, so root on any trusted
      # client host can log in here as any permitted user without that user's
      # key. Set to "no" unless a deployment genuinely depends on it.
  40. HostbasedAuthentication yes
  41. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
      # NOTE(review): with "no", each user's own ~/.ssh/known_hosts is accepted
      # as a source of trusted client host keys for host-based authentication.
      # If host-based authentication stays enabled, "yes" limits that trust to
      # the system-wide known hosts file.
  42. IgnoreUserKnownHosts no
  43.  
  44. # To enable empty passwords, change to yes (NOT RECOMMENDED)
  45. PermitEmptyPasswords no
  46.  
  47. # Change to yes to enable challenge-response passwords (beware issues with
  48. # some PAM modules and threads)
  49. ChallengeResponseAuthentication no
  50.  
  51. # Change to no to disable tunnelled clear text passwords
  52. PasswordAuthentication no
  53.  
  54. # Kerberos options
  55. #KerberosAuthentication no
  56. #KerberosGetAFSToken no
  57. #KerberosOrLocalPasswd yes
  58. #KerberosTicketCleanup yes
  59.  
  60. # GSSAPI options
  61. # GSSAPIAuthentication no
  62. # GSSAPICleanupCredentials yes
  63.  
      # NOTE(review): "yes" binds remote-forwarded ports to the wildcard
      # address, so listeners opened with ssh -R are reachable from other hosts
      # and not only from loopback on this server. Use "no", or
      # "clientspecified" together with firewall rules, if that exposure is
      # not intended.
  64. GatewayPorts yes
      # NOTE(review): X11 forwarding is rarely needed on a server; disable it
      # when no user relies on it.
  65. X11Forwarding yes
  66. #X11DisplayOffset 10
  67. PrintMotd no
  68. PrintLastLog yes
  69. TCPKeepAlive yes
  70. #UseLogin no
  71.  
  72. #MaxStartups 10:30:60
      # NOTE(review): sshd_config(5) documents comments as whole lines starting
      # with '#'. How the trailing "#/etc/issue.net" is treated may depend on
      # the sshd version -- check with "sshd -t" and move it to its own line.
  73. Banner none #/etc/issue.net
  74.  
  75.  
  76. # Allow client to pass locale environment variables
  77. AcceptEnv LANG LC_*
  78.  
  79. #Subsystem sftp /usr/lib/openssh/sftp-server
  80.  
  81. # Set this to 'yes' to enable PAM authentication, account processing,
  82. # and session processing. If this is enabled, PAM authentication will
  83. # be allowed through the ChallengeResponseAuthentication and
  84. # PasswordAuthentication. Depending on your PAM configuration,
  85. # PAM authentication via ChallengeResponseAuthentication may bypass
  86. # the setting of "PermitRootLogin without-password".
  87. # If you just want the PAM account and session checks to run without
  88. # PAM authentication, then enable this but set PasswordAuthentication
  89. # and ChallengeResponseAuthentication to 'no'.
  90. UsePAM yes
  91.  
      # NOTE(review): this restricts key exchange to a single algorithm, the
      # fixed 1024-bit Diffie-Hellman group 1 with SHA-1, which is considered
      # too weak for new deployments; newer OpenSSH releases no longer offer it
      # by default. It also locks out clients that do not support it. If it was
      # added for one legacy client, list modern algorithms first (for example
      # curve25519-sha256@libssh.org, ecdh-sha2-nistp256,
      # diffie-hellman-group-exchange-sha256) and keep the legacy one last, or
      # drop the line to return to the version's defaults.
  92. KexAlgorithms=diffie-hellman-group1-sha1
  93.  
  94.  
  95. DESCRIPTION
  96. ssh-copy-id is a script that uses ssh to log into a remote machine and
  97. append the indicated identity file to that machine's
  98. ~/.ssh/authorized_keys file.
  99.  
  100. If the -i option is given then the identity file (defaults to
  101. ~/.ssh/id_rsa.pub) is used, regardless of whether there are any keys in
  102. your ssh-agent. Otherwise, if this:
  103.  
  104. ssh-add -L
  105.  
  106. provides any output, it uses that in preference to the identity file.
  107.  
  108. If the -i option is used, or the ssh-add produced no output, then it
  109. uses the contents of the identity file. Once it has one or more
  110. fingerprints (by whatever means) it uses ssh to append them to
  111. ~/.ssh/authorized_keys on the remote machine (creating the file, and
  112. directory, if necessary.)
  113.  
  114. NOTES
  115. This program does not modify the permissions of any pre-existing files
  116. or directories. Therefore, if the remote sshd has StrictModes set in
  117. its configuration, then the user's home, ~/.ssh folder, and
  118. ~/.ssh/authorized_keys file may need to have group writability disabled
  119. manually, e.g. via
  120.  
  121. chmod go-w ~ ~/.ssh ~/.ssh/authorized_keys
  122.  
  123. on the remote machine.
  124.  
  125. ~/.ssh 700
  126. -rw------- 1 serv serv 11K Aug 20 08:01 authorized_keys 600
  127. -r-------- 1 serv serv 3.2K Aug 20 06:59 id_rsa 400
  128. -rw-r--r-- 1 serv serv 738 Aug 20 06:59 id_rsa.pub 644
  129. -rw-r--r-- 1 serv serv 0 Aug 20 06:46 known_hosts 644