FastHandle - IT Operations Examples

FastHandle is fast operation tools for infrastructure configurations and tests.

User Tools

Site Tools

os:linux:set:deamon:etc_ssh_sshd_config.html



Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
os:linux:set:deamon:etc_ssh_sshd_config.html [2018/02/17 01:01]
kurihara 		os:linux:set:deamon:etc_ssh_sshd_config.html [2018/12/22 23:50] (current)
kurihara
Line 1: Line 1:
 [[os:linux:set:index.html]] [[os:linux:set:index.html]]
-====== /etc/ssh/sshd_config======+====== /etc/ssh/sshd_config Example Configuration======
  
 +\\
 +{{INLINETOC}}
 +\\
  
-===== My /etc/security/limits.conf =====+===== My /etc/ssh/sshd_config =====
  
  
 <sxh bash toolbar:false gutter:false> <sxh bash toolbar:false gutter:false>
 #=============================================================================== #===============================================================================
-# /etc/security/limits.conf+# /etc/ssh/sshd_config
 # -rw-r--r--  root root # -rw-r--r--  root root
 # #
 +# man 5 sshd_config
 #=============================================================================== #===============================================================================
 +
 +Port 22
 +Protocol 2
  
 # HostKeys for protocol version 2 # HostKeys for protocol version 2
Line 23: Line 30:
  
 # Authentication: # Authentication:
-PermitRootLogin yes+PermitRootLogin no
 AuthorizedKeysFile      .ssh/authorized_keys AuthorizedKeysFile      .ssh/authorized_keys
 PermitEmptyPasswords no PermitEmptyPasswords no
Line 38: Line 45:
 UsePrivilegeSeparation sandbox          # Default for new installations. UsePrivilegeSeparation sandbox          # Default for new installations.
 UseDNS no UseDNS no
 +MaxStartups 100:30:200
  
 # Accept locale-related environment variables # Accept locale-related environment variables
Line 52: Line 59:
  
 \\ \\
-===== CentOS7 Default /etc/security/limits.conf =====+===== CentOS7 Default /etc/ssh/sshd_config =====
 <sxh bash toolbar:false gutter:false> <sxh bash toolbar:false gutter:false>
 #       $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ #       $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
Line 209: Line 216:
 </sxh> </sxh>
  
 +\\
 +===== Ubuntu 16.0.4 Default /etc/ssh/sshd_config =====
 +<sxh bash toolbar:false gutter:false>
 +# Package generated configuration file
 +# See the sshd_config(5) manpage for details
  
 +# What ports, IPs and protocols we listen for
 +Port 22
 +# Use these options to restrict which interfaces/protocols sshd will bind to
 +#ListenAddress ::
 +#ListenAddress 0.0.0.0
 +Protocol 2
 +# HostKeys for protocol version 2
 +HostKey /etc/ssh/ssh_host_rsa_key
 +HostKey /etc/ssh/ssh_host_dsa_key
 +HostKey /etc/ssh/ssh_host_ecdsa_key
 +HostKey /etc/ssh/ssh_host_ed25519_key
 +#Privilege Separation is turned on for security
 +UsePrivilegeSeparation yes
 +
 +# Lifetime and size of ephemeral version 1 server key
 +KeyRegenerationInterval 3600
 +ServerKeyBits 1024
 +
 +# Logging
 +SyslogFacility AUTH
 +LogLevel INFO
 +
 +# Authentication:
 +LoginGraceTime 120
 +PermitRootLogin prohibit-password
 +StrictModes yes
 +
 +RSAAuthentication yes
 +PubkeyAuthentication yes
 +#AuthorizedKeysFile     %h/.ssh/authorized_keys
 +
 +# Don't read the user's ~/.rhosts and ~/.shosts files
 +IgnoreRhosts yes
 +# For this to work you will also need host keys in /etc/ssh_known_hosts
 +RhostsRSAAuthentication no
 +# similar for protocol version 2
 +HostbasedAuthentication no
 +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
 +#IgnoreUserKnownHosts yes
 +
 +# To enable empty passwords, change to yes (NOT RECOMMENDED)
 +PermitEmptyPasswords no
 +
 +# Change to yes to enable challenge-response passwords (beware issues with
 +# some PAM modules and threads)
 +ChallengeResponseAuthentication no
 +
 +# Change to no to disable tunnelled clear text passwords
 +#PasswordAuthentication yes
 +
 +# Kerberos options
 +#KerberosAuthentication no
 +#KerberosGetAFSToken no
 +#KerberosOrLocalPasswd yes
 +#KerberosTicketCleanup yes
 +
 +# GSSAPI options
 +#GSSAPIAuthentication no
 +#GSSAPICleanupCredentials yes
 +
 +X11Forwarding yes
 +X11DisplayOffset 10
 +PrintMotd no
 +PrintLastLog yes
 +TCPKeepAlive yes
 +#UseLogin no
 +
 +#MaxStartups 10:30:60
 +#Banner /etc/issue.net
 +
 +# Allow client to pass locale environment variables
 +AcceptEnv LANG LC_*
 +
 +Subsystem sftp /usr/lib/openssh/sftp-server
 +
 +# Set this to 'yes' to enable PAM authentication, account processing,
 +# and session processing. If this is enabled, PAM authentication will
 +# be allowed through the ChallengeResponseAuthentication and
 +# PasswordAuthentication.  Depending on your PAM configuration,
 +# PAM authentication via ChallengeResponseAuthentication may bypass
 +# the setting of "PermitRootLogin without-password".
 +# If you just want the PAM account and session checks to run without
 +# PAM authentication, then enable this but set PasswordAuthentication
 +# and ChallengeResponseAuthentication to 'no'.
 +UsePAM yes
 +</sxh>
  
 \\ \\


os/linux/set/deamon/etc_ssh_sshd_config.html.1518796904.txt.gz · Last modified: 2018/02/17 01:01 by kurihara

Page Tools


Home     About     Contact

Copyright (c) 2025 FastHandle - IT Operations Examples All Rights Reserved.