Created
May 12, 2018 13:13
-
-
Save kuzaxak/2d4214ec05b35a818af88ae14aecc00a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Port 22 | |
#AddressFamily any | |
#ListenAddress 0.0.0.0 | |
#ListenAddress :: | |
HostKey /etc/ssh/ssh_host_ed25519_key | |
HostKey /etc/ssh/ssh_host_rsa_key | |
HostKey /etc/ssh/ssh_host_ecdsa_key | |
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 | |
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr | |
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com | |
# Ciphers and keying | |
#RekeyLimit default none | |
# Logging | |
#SyslogFacility AUTH | |
SyslogFacility AUTHPRIV | |
#LogLevel VERBOSE | |
#LoginGraceTime 2m | |
#PermitRootLogin yes | |
#StrictModes yes | |
#MaxAuthTries 6 | |
#MaxSessions 10 | |
AuthenticationMethods publickey | |
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 | |
# but this is overridden so installations will only check .ssh/authorized_keys | |
AuthorizedKeysFile .ssh/authorized_keys | |
# To disable tunneled clear text passwords, change to no here! | |
PasswordAuthentication no | |
PermitEmptyPasswords no | |
ChallengeResponseAuthentication no | |
# GSSAPI options | |
GSSAPIAuthentication yes | |
GSSAPICleanupCredentials no | |
#GSSAPIStrictAcceptorCheck yes | |
#GSSAPIKeyExchange no | |
#GSSAPIEnablek5users no | |
# Set this to 'yes' to enable PAM authentication, account processing, | |
# and session processing. If this is enabled, PAM authentication will | |
# be allowed through the ChallengeResponseAuthentication and | |
# PasswordAuthentication. Depending on your PAM configuration, | |
# PAM authentication via ChallengeResponseAuthentication may bypass | |
# the setting of "PermitRootLogin without-password". | |
# If you just want the PAM account and session checks to run without | |
# PAM authentication, then enable this but set PasswordAuthentication | |
# and ChallengeResponseAuthentication to 'no'. | |
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several | |
# problems. | |
UsePAM yes | |
# Accept locale-related environment variables | |
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES | |
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT | |
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE | |
AcceptEnv XMODIFIERS | |
# override default of no subsystems | |
Subsystem sftp /usr/libexec/openssh/sftp-server | |
Protocol 2 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment