Update ssh config
This commit is contained in:
parent
86b7f9f08f
commit
2842f1f8d1
1 changed files with 14 additions and 12 deletions
|
|
@ -1,6 +1,6 @@
|
|||
# {{ ansible_managed }}
|
||||
#
|
||||
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
|
||||
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
|
||||
|
||||
# This is the sshd server system-wide configuration file. See
|
||||
# sshd_config(5) for more information.
|
||||
|
|
@ -28,14 +28,14 @@ HostKey /etc/ssh/ssh_host_ed25519_key
|
|||
|
||||
# Logging
|
||||
#SyslogFacility AUTH
|
||||
LogLevel INFO
|
||||
#LogLevel INFO
|
||||
|
||||
# Authentication:
|
||||
|
||||
#LoginGraceTime 2m
|
||||
#PermitRootLogin prohibit-password
|
||||
#StrictModes yes
|
||||
MaxAuthTries 6
|
||||
#MaxAuthTries 6
|
||||
#MaxSessions 10
|
||||
|
||||
PubkeyAuthentication yes
|
||||
|
|
@ -56,13 +56,15 @@ AuthorizedKeysFile .ssh/authorized_keys
|
|||
# Don't read the user's ~/.rhosts and ~/.shosts files
|
||||
#IgnoreRhosts yes
|
||||
|
||||
# To disable tunneled clear text passwords, change to no here!
|
||||
# To disable tunneled clear text passwords, change to "no" here!
|
||||
PasswordAuthentication no
|
||||
#PermitEmptyPasswords no
|
||||
|
||||
# Change to yes to enable challenge-response passwords (beware issues with
|
||||
# some PAM modules and threads)
|
||||
ChallengeResponseAuthentication no
|
||||
# Change to "yes" to enable keyboard-interactive authentication. Depending on
|
||||
# the system's configuration, this may involve passwords, challenge-response,
|
||||
# one-time passwords or some combination of these and other methods.
|
||||
# Beware issues with some PAM modules and threads.
|
||||
KbdInteractiveAuthentication no
|
||||
|
||||
# Kerberos options
|
||||
#KerberosAuthentication no
|
||||
|
|
@ -78,13 +80,13 @@ ChallengeResponseAuthentication no
|
|||
|
||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||
# and session processing. If this is enabled, PAM authentication will
|
||||
# be allowed through the ChallengeResponseAuthentication and
|
||||
# be allowed through the KbdInteractiveAuthentication and
|
||||
# PasswordAuthentication. Depending on your PAM configuration,
|
||||
# PAM authentication via ChallengeResponseAuthentication may bypass
|
||||
# the setting of "PermitRootLogin without-password".
|
||||
# PAM authentication via KbdInteractiveAuthentication may bypass
|
||||
# the setting of "PermitRootLogin prohibit-password".
|
||||
# If you just want the PAM account and session checks to run without
|
||||
# PAM authentication, then enable this but set PasswordAuthentication
|
||||
# and ChallengeResponseAuthentication to 'no'.
|
||||
# and KbdInteractiveAuthentication to 'no'.
|
||||
UsePAM yes
|
||||
|
||||
#AllowAgentForwarding yes
|
||||
|
|
@ -112,7 +114,7 @@ PrintMotd no
|
|||
#Banner none
|
||||
|
||||
# Allow client to pass locale environment variables
|
||||
AcceptEnv LANG LC_*
|
||||
AcceptEnv LANG LC_* COLORTERM NO_COLOR
|
||||
|
||||
# override default of no subsystems
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue