|
|
@ -1,76 +0,0 @@ |
|
|
|
#!/bin/bash |
|
|
|
|
|
|
|
SSH_CONFIG="# Package generated configuration file |
|
|
|
# See the sshd_config(5) manpage for details |
|
|
|
|
|
|
|
# What ports, IPs and protocols we listen for |
|
|
|
Port 20 |
|
|
|
# Use these options to restrict which interfaces/protocols sshd will bind to |
|
|
|
#ListenAddress :: |
|
|
|
#ListenAddress 0.0.0.0 |
|
|
|
Protocol 2 |
|
|
|
# HostKeys for protocol version 2 |
|
|
|
HostKey /etc/ssh/ssh_host_rsa_key |
|
|
|
HostKey /etc/ssh/ssh_host_dsa_key |
|
|
|
HostKey /etc/ssh/ssh_host_ecdsa_key |
|
|
|
HostKey /etc/ssh/ssh_host_ed25519_key |
|
|
|
#Privilege Separation is turned on for security |
|
|
|
UsePrivilegeSeparation yes |
|
|
|
|
|
|
|
# Lifetime and size of ephemeral version 1 server key |
|
|
|
KeyRegenerationInterval 3600 |
|
|
|
ServerKeyBits 1024 |
|
|
|
|
|
|
|
# Logging |
|
|
|
SyslogFacility AUTH |
|
|
|
LogLevel INFO |
|
|
|
|
|
|
|
# Authentication: |
|
|
|
LoginGraceTime 120 |
|
|
|
PermitRootLogin no |
|
|
|
StrictModes yes |
|
|
|
|
|
|
|
RSAAuthentication yes |
|
|
|
PubkeyAuthentication yes |
|
|
|
#AuthorizedKeysFile %h/.ssh/authorized_keys |
|
|
|
|
|
|
|
# Don't read the user's ~/.rhosts and ~/.shosts files |
|
|
|
IgnoreRhosts yes |
|
|
|
# For this to work you will also need host keys in /etc/ssh_known_hosts |
|
|
|
RhostsRSAAuthentication no |
|
|
|
# similar for protocol version 2 |
|
|
|
HostbasedAuthentication no |
|
|
|
#IgnoreUserKnownHosts yes |
|
|
|
|
|
|
|
PermitEmptyPasswords no |
|
|
|
|
|
|
|
ChallengeResponseAuthentication no |
|
|
|
|
|
|
|
PasswordAuthentication no |
|
|
|
|
|
|
|
# Kerberos options |
|
|
|
#KerberosAuthentication no |
|
|
|
#KerberosGetAFSToken no |
|
|
|
#KerberosOrLocalPasswd yes |
|
|
|
#KerberosTicketCleanup yes |
|
|
|
|
|
|
|
# GSSAPI options |
|
|
|
#GSSAPIAuthentication no |
|
|
|
#GSSAPICleanupCredentials yes |
|
|
|
|
|
|
|
X11Forwarding yes |
|
|
|
X11DisplayOffset 10 |
|
|
|
PrintMotd no |
|
|
|
PrintLastLog yes |
|
|
|
TCPKeepAlive yes |
|
|
|
#UseLogin no |
|
|
|
|
|
|
|
#MaxStartups 10:30:60 |
|
|
|
#Banner /etc/issue.net |
|
|
|
|
|
|
|
AcceptEnv LANG LC_* |
|
|
|
|
|
|
|
Subsystem sftp /usr/lib/openssh/sftp-server |
|
|
|
|
|
|
|
UsePAM yes |
|
|
|
" |