sonny/debian-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update ssh config

Browse source
This commit is contained in:
Sonny Bakker 2025-12-25 20:09:57 +01:00
parent 86b7f9f08f
commit 2842f1f8d1
1 changed files with 14 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

26
templates/ssh.j2
View file

@ -1,6 +1,6 @@
# {{ ansible_managed }} # {{ ansible_managed }}
# #
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See # This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information. # sshd_config(5) for more information.
@ -28,14 +28,14 @@ HostKey /etc/ssh/ssh_host_ed25519_key
# Logging # Logging
#SyslogFacility AUTH #SyslogFacility AUTH
LogLevel INFO #LogLevel INFO
# Authentication: # Authentication:
#LoginGraceTime 2m #LoginGraceTime 2m
#PermitRootLogin prohibit-password #PermitRootLogin prohibit-password
#StrictModes yes #StrictModes yes
MaxAuthTries 6 #MaxAuthTries 6
#MaxSessions 10 #MaxSessions 10
PubkeyAuthentication yes PubkeyAuthentication yes
@ -56,13 +56,15 @@ AuthorizedKeysFile .ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files # Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes #IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here! # To disable tunneled clear text passwords, change to "no" here!
PasswordAuthentication no PasswordAuthentication no
#PermitEmptyPasswords no #PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with # Change to "yes" to enable keyboard-interactive authentication. Depending on
# some PAM modules and threads) # the system's configuration, this may involve passwords, challenge-response,
ChallengeResponseAuthentication no # one-time passwords or some combination of these and other methods.
# Beware issues with some PAM modules and threads.
KbdInteractiveAuthentication no
# Kerberos options # Kerberos options
#KerberosAuthentication no #KerberosAuthentication no
@ -78,13 +80,13 @@ ChallengeResponseAuthentication no
# Set this to 'yes' to enable PAM authentication, account processing, # Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will # and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and # be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration, # PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass # PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password". # the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without # If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication # PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'. # and KbdInteractiveAuthentication to 'no'.
UsePAM yes UsePAM yes
#AllowAgentForwarding yes #AllowAgentForwarding yes
@ -112,7 +114,7 @@ PrintMotd no
#Banner none #Banner none
# Allow client to pass locale environment variables # Allow client to pass locale environment variables
AcceptEnv LANG LC_* AcceptEnv LANG LC_* COLORTERM NO_COLOR
# override default of no subsystems # override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp /usr/lib/openssh/sftp-server