CSC Ansible Playbooks
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
ansible-playbooks/files/sshd_config

64 lines
1.7 KiB

# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use only protocol version 2
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
# Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication
UsePAM yes
StrictModes yes
PermitRootLogin yes
LoginGraceTime 120
MaxStartups 25:30:100
# password authentication via PAM (single sign-on initial case)
PasswordAuthentication yes
PermitEmptyPasswords no
# keyboard-interactive authentication (like password, works with +needchange)
ChallengeResponseAuthentication yes
# kerberos (single sign-on already authenticated case)
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
GSSAPICleanupCredentials yes
# public key authentication with authorized_keys
PubkeyAuthentication yes
# no single sign-on via hosts.equiv; we use kerberos
HostbasedAuthentication no
IgnoreRhosts yes
# no builtin kerberos auth with password, we do the same via pam_krb5
KerberosAuthentication no
# allow X forwarding
X11Forwarding yes
X11DisplayOffset 10
# PAM prints these already
PrintMotd no
PrintLastLog no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server