API tools faq
paste
punces

sshd_config

punces
Feb 28th, 2017
235
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.55 KB | None | 0 0
raw download clone embed print report
  1. # Package generated configuration file
  2. # See the sshd_config(5) manpage for details
  3.  
  4. # What ports, IPs and protocols we listen for
  5. Port 22
  6. # Use these options to restrict which interfaces/protocols sshd will bind to
  7. #ListenAddress ::
  8. #ListenAddress 0.0.0.0
  9. Protocol 2
  10. # HostKeys for protocol version 2
  11. HostKey /etc/ssh/ssh_host_rsa_key
  12. HostKey /etc/ssh/ssh_host_dsa_key
  13. HostKey /etc/ssh/ssh_host_ecdsa_key
  14. HostKey /etc/ssh/ssh_host_ed25519_key
  15. #Privilege Separation is turned on for security
  16. UsePrivilegeSeparation yes
  17.  
  18. # Lifetime and size of ephemeral version 1 server key
  19. KeyRegenerationInterval 3600
  20. ServerKeyBits 1024
  21.  
  22. # Logging
  23. SyslogFacility AUTH
  24. LogLevel INFO
  25.  
  26. # Authentication:
  27. LoginGraceTime 120
  28. PermitRootLogin yes
  29. StrictModes yes
  30.  
  31. RSAAuthentication yes
  32. PubkeyAuthentication yes
  33. #AuthorizedKeysFile %h/.ssh/authorized_keys
  34.  
  35. # Don't read the user's ~/.rhosts and ~/.shosts files
  36. IgnoreRhosts yes
  37. # For this to work you will also need host keys in /etc/ssh_known_hosts
  38. RhostsRSAAuthentication no
  39. # similar for protocol version 2
  40. HostbasedAuthentication no
  41. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  42. #IgnoreUserKnownHosts yes
  43.  
  44. # To enable empty passwords, change to yes (NOT RECOMMENDED)
  45. PermitEmptyPasswords no
  46.  
  47. # Change to yes to enable challenge-response passwords (beware issues with
  48. # some PAM modules and threads)
  49. ChallengeResponseAuthentication no
  50.  
  51. # Change to no to disable tunnelled clear text passwords
  52. #PasswordAuthentication yes
  53.  
  54. # Kerberos options
  55. #KerberosAuthentication no
  56. #KerberosGetAFSToken no
  57. #KerberosOrLocalPasswd yes
  58. #KerberosTicketCleanup yes
  59.  
  60. # GSSAPI options
  61. #GSSAPIAuthentication no
  62. #GSSAPICleanupCredentials yes
  63.  
  64. X11Forwarding yes
  65. X11DisplayOffset 10
  66. PrintMotd no
  67. PrintLastLog yes
  68. TCPKeepAlive yes
  69. #UseLogin no
  70.  
  71. #MaxStartups 10:30:60
  72. #Banner /etc/issue.net
  73.  
  74. # Allow client to pass locale environment variables
  75. AcceptEnv LANG LC_*
  76.  
  77. Subsystem sftp /usr/lib/openssh/sftp-server
  78.  
  79. # Set this to 'yes' to enable PAM authentication, account processing,
  80. # and session processing. If this is enabled, PAM authentication will
  81. # be allowed through the ChallengeResponseAuthentication and
  82. # PasswordAuthentication. Depending on your PAM configuration,
  83. # PAM authentication via ChallengeResponseAuthentication may bypass
  84. # the setting of "PermitRootLogin without-password".
  85. # If you just want the PAM account and session checks to run without
  86. # PAM authentication, then enable this but set PasswordAuthentication
  87. # and ChallengeResponseAuthentication to 'no'.
  88. UsePAM yes
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!