Adjust file sshd_config. Some minor changes on script output.
This commit is contained in:
parent
47d5343e8f
commit
39f2d93ab0
@ -8,10 +8,22 @@
|
||||
# What ports, IPs and protocols we listen for
|
||||
Port 22
|
||||
|
||||
# Use these options to restrict which interfaces/protocols sshd will bind to
|
||||
#ListenAddress ::
|
||||
#ListenAddress 0.0.0.0
|
||||
#ListenAddress 176.9.117.77
|
||||
# Specifies the local addresses sshd(8) should listen on. The following forms may be used:
|
||||
#
|
||||
# ListenAddress host|IPv4_addr|IPv6_addr
|
||||
# ListenAddress host|IPv4_addr:port
|
||||
# ListenAddress [host|IPv6_addr]:port
|
||||
#
|
||||
# If port is not specified, sshd will listen on the address and all Port options specified. The default
|
||||
# is to listen on all local addresses. Multiple ListenAddress options are permitted.
|
||||
#
|
||||
# ListenAddress ::
|
||||
# ListenAddress 0.0.0.0
|
||||
# ListenAddress 159.69.72.24
|
||||
# ListenAddress 2a01:4f8:231:171f::2
|
||||
#
|
||||
ListenAddress ::
|
||||
ListenAddress 0.0.0.0
|
||||
|
||||
# Specifies the protocol versions sshd(8) supports.
|
||||
# The possible values are ‘1’ , `2' and ‘1,2’.
|
||||
@ -28,6 +40,7 @@ HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
# Note:
|
||||
# Deprecated option KeyRegenerationInterval
|
||||
# Deprecated option ServerKeyBits
|
||||
#
|
||||
#KeyRegenerationInterval 3600
|
||||
#ServerKeyBits 768
|
||||
|
||||
@ -42,7 +55,7 @@ MaxStartups 10:30:100
|
||||
# Specifies the maximum number of authentication attempts permitted per
|
||||
# connection.
|
||||
# The default is 6.
|
||||
MaxAuthTries 3
|
||||
MaxAuthTries 6
|
||||
|
||||
# Specifies the maximum number of open sessions permitted per network
|
||||
# connection.
|
||||
@ -57,7 +70,13 @@ MaxSessions 10
|
||||
# Specifies whether sshd(8) separates privileges by creating an unprivileged
|
||||
# child process to deal with incoming network traffic.
|
||||
# The default is "yes" (for security).
|
||||
UsePrivilegeSeparation yes
|
||||
#
|
||||
# Note: (Release 7.5)
|
||||
# Deprecated option UsePrivilegeSeparation
|
||||
# Privilege separation has been on by default for almost 15 years
|
||||
# sandboxing has been on by default for almost the last five
|
||||
#
|
||||
#UsePrivilegeSeparation yes
|
||||
|
||||
# The server disconnects after this time if the user has not
|
||||
# successfully logged in.
|
||||
@ -66,9 +85,10 @@ LoginGraceTime 120
|
||||
|
||||
# Specifies whether root can log in using ssh(1).
|
||||
# The default is "yes".
|
||||
#PermitRootLogin yes
|
||||
# Possible values: yes, no, prohibit-password (or teh older one: without-password)
|
||||
PermitRootLogin yes
|
||||
#PermitRootLogin without-password
|
||||
PermitRootLogin no
|
||||
#PermitRootLogin no
|
||||
|
||||
# Specifies whether sshd(8) should check file modes and ownership of the
|
||||
# user's files and home directory before accepting login. This is normally
|
||||
@ -104,6 +124,7 @@ PubkeyAuthentication yes
|
||||
# whitespace.
|
||||
# The default is “.ssh/authorized_keys .ssh/authorized_keys2”.
|
||||
#AuthorizedKeysFile %h/.ssh/authorized_keys
|
||||
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
|
||||
|
||||
# Specifies whether password authentication is allowed.
|
||||
# Change to no to disable tunnelled clear text passwords
|
||||
@ -128,6 +149,7 @@ IgnoreRhosts yes
|
||||
# Deprecated option RhostsRSAAuthentication
|
||||
#
|
||||
#RhostsRSAAuthentication no
|
||||
|
||||
# similar for protocol version 2
|
||||
HostbasedAuthentication no
|
||||
|
||||
@ -142,7 +164,7 @@ HostbasedAuthentication no
|
||||
# The allow/deny directives are processed in the following order: DenyUsers,
|
||||
# AllowUsers, DenyGroups, and finally AllowGroups.
|
||||
# By default, login is allowed for all users.
|
||||
#AllowUsers chris cityslang sysadm
|
||||
#AllowUsers back chris sysadm cityslang christoph
|
||||
|
||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||
# and session processing. If this is enabled, PAM authentication will
|
||||
@ -165,6 +187,43 @@ UsePAM yes
|
||||
#UseLogin no
|
||||
|
||||
|
||||
#-----------------------------
|
||||
# Cryptography
|
||||
#-----------------------------
|
||||
|
||||
# Specifies the available KEX (Key Exchange) algorithms.
|
||||
# The default is:
|
||||
## curve25519-sha256@libssh.org,
|
||||
## ecdh-sha2-nistp256,
|
||||
## ecdh-sha2-nistp384,
|
||||
## ecdh-sha2-nistp521,
|
||||
## diffie-hellman-group-exchange-sha256,
|
||||
## diffie-hellman-group14-sha1.
|
||||
#KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
|
||||
|
||||
# Specifies the ciphers allowed for protocol version 2.
|
||||
# The default is:
|
||||
## aes128-ctr,
|
||||
## aes192-ctr,
|
||||
## aes256-ctr,
|
||||
## aes128-gcm@openssh.com,
|
||||
## aes256-gcm@openssh.com,
|
||||
## chacha20-poly1305@openssh.com.
|
||||
#Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
|
||||
|
||||
# Specifies the available MAC (message authentication code) algorithms.
|
||||
# The default is:
|
||||
## umac-64-etm@openssh.com,
|
||||
## umac-128-etm@openssh.com,
|
||||
## hmac-sha2-256-etm@openssh.com,
|
||||
## hmac-sha2-512-etm@openssh.com,
|
||||
## umac-64@openssh.com,
|
||||
## umac-128@openssh.com,
|
||||
## hmac-sha2-256,
|
||||
## hmac-sha2-512.
|
||||
#MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
|
||||
|
||||
|
||||
#-----------------------------
|
||||
# Logging
|
||||
#-----------------------------
|
||||
|
||||
Loading…
Reference in New Issue
Block a user