mirror of
https://gitea.com/mcereda/oam.git
synced 2026-02-09 05:44:23 +00:00
114 lines
5.1 KiB
Plaintext
114 lines
5.1 KiB
Plaintext
################################################################################
|
|
## /etc/ssh/sshd_config
|
|
##
|
|
## OpenSSH daemon system-wide configuration file stating only default values.
|
|
## Last updated: see file modification date.
|
|
##
|
|
## Uncommented options override the default value.
|
|
## Unless noted otherwise, for each keyword, the *first* obtained value will be
|
|
## used in a first-come-first-served fashion.
|
|
## Keywords are case-*in*sensitive, and arguments are case-*sensitive*.
|
|
##
|
|
## Sources:
|
|
## - https://man.openbsd.org/sshd_config
|
|
################################################################################
|
|
|
|
# AcceptEnv <none>
|
|
AddressFamily any
|
|
AllowAgentForwarding yes
|
|
# AllowGroups <none>
|
|
AllowStreamLocalForwarding yes
|
|
AllowTcpForwarding yes
|
|
# AllowUsers <none>
|
|
AuthenticationMethods any
|
|
# AuthorizedKeysCommand <none>
|
|
# AuthorizedKeysCommandUser <none>
|
|
AuthorizedKeysFile ".ssh/authorized_keys .ssh/authorized_keys2"
|
|
# AuthorizedPrincipalsCommand <none>
|
|
# AuthorizedPrincipalsCommandUser <none>
|
|
# AuthorizedPrincipalsFile <none>
|
|
# Banner <none>
|
|
CASignatureAlgorithms ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
|
|
# ChannelTimeout <none>
|
|
ChrootDirectory none
|
|
Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
|
|
ClientAliveCountMax 3
|
|
ClientAliveInterval 0
|
|
Compression yes
|
|
# DenyGroups <none>
|
|
# DenyUsers <none>
|
|
DisableForwarding no
|
|
ExposeAuthInfo no
|
|
FingerprintHash sha256
|
|
ForceCommand none
|
|
GatewayPorts no
|
|
GSSAPIAuthentication no
|
|
GSSAPICleanupCredentials yes
|
|
GSSAPIStrictAcceptorCheck yes
|
|
HostbasedAcceptedAlgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
|
|
HostbasedAuthentication no
|
|
HostbasedUsesNameFromPacketOnly no
|
|
# HostCertificate <none>
|
|
HostKey "/etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key"
|
|
# HostKeyAgent <none>
|
|
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
|
|
IgnoreRhosts yes
|
|
IgnoreUserKnownHosts no
|
|
# Include <none>
|
|
IPQoS "af21 cs1"
|
|
KbdInteractiveAuthentication yes
|
|
KerberosAuthentication no
|
|
KerberosGetAFSToken no
|
|
KerberosOrLocalPasswd yes
|
|
KerberosTicketCleanup yes
|
|
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
|
|
ListenAddress 0.0.0.0
|
|
LoginGraceTime 120
|
|
LogLevel INFO
|
|
# LogVerbose <none>
|
|
MACs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
|
|
MaxAuthTries 6
|
|
MaxSessions 10
|
|
MaxStartups 10:30:100
|
|
ModuliFile /etc/moduli
|
|
PasswordAuthentication yes
|
|
PermitEmptyPasswords no
|
|
PermitListen any
|
|
PermitOpen any
|
|
PermitRootLogin prohibit-password
|
|
PermitTTY yes
|
|
PermitTunnel no
|
|
PermitUserEnvironment no
|
|
PermitUserRC yes
|
|
PerSourceMaxStartups none
|
|
PerSourceNetBlockSize 32:128
|
|
PerSourcePenalties "crash:90s authfail:5s noauth:1s grace-exceeded:20s max:10m min:15s max-sources4:65536 max-sources6:65536 overflow:permissive overflow6:permissive"
|
|
# PerSourcePenaltyExemptList <none>
|
|
PidFile /var/run/sshd.pid
|
|
Port 22
|
|
PrintLastLog yes
|
|
PrintMotd yes
|
|
PubkeyAcceptedAlgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
|
|
PubkeyAuthOptions none
|
|
PubkeyAuthentication yes
|
|
RekeyLimit "default none"
|
|
RequiredRSASize 1024
|
|
RevokedKeys none
|
|
# RDomain <none>
|
|
# SecurityKeyProvider <none>
|
|
# SetEnv <none>
|
|
StreamLocalBindMask 0177
|
|
StreamLocalBindUnlink no
|
|
StrictModes yes
|
|
# Subsystem <none>
|
|
SyslogFacility AUTH
|
|
TCPKeepAlive no
|
|
TrustedUserCAKeys none
|
|
UnusedConnectionTimeout none
|
|
UseDNS no
|
|
VersionAddendum none
|
|
X11DisplayOffset 10
|
|
X11Forwarding no
|
|
X11UseLocalhost yes
|
|
XAuthLocation /usr/X11R6/bin/xauth
|