CSC Ansible Playbooks
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

64 lines
1.7 KiB

# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use only protocol version 2
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
# Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication
UsePAM yes
StrictModes yes
PermitRootLogin yes
LoginGraceTime 120
MaxStartups 25:30:100
# password authentication via PAM (single sign-on initial case)
PasswordAuthentication yes
PermitEmptyPasswords no
# keyboard-interactive authentication (like password, works with +needchange)
ChallengeResponseAuthentication yes
# kerberos (single sign-on already authenticated case)
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
GSSAPICleanupCredentials yes
# public key authentication with authorized_keys
PubkeyAuthentication yes
# no single sign-on via hosts.equiv; we use kerberos
HostbasedAuthentication no
IgnoreRhosts yes
# no builtin kerberos auth with password, we do the same via pam_krb5
KerberosAuthentication no
# allow X forwarding
X11Forwarding yes
X11DisplayOffset 10
# PAM prints these already
PrintMotd no
PrintLastLog no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server