From 3fc552076879960e5373dc68acc345ddbbcdd886 Mon Sep 17 00:00:00 2001
From: deepend
Date: Mon, 1 Jan 2024 02:57:34 +0000
Subject: [PATCH] Update roles/common/files/sshd_config
---
 roles/common/files/sshd_config | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/roles/common/files/sshd_config b/roles/common/files/sshd_config
index 7489f189..aaaf7780 100644
--- a/roles/common/files/sshd_config
+++ b/roles/common/files/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
+# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -24,7 +24,7 @@ Port 2222
 #RekeyLimit default none
 # Logging
-#SyslogFacility AUTH
+SyslogFacility AUTHPRIV
 #LogLevel INFO
 # Authentication:
@@ -38,7 +38,7 @@ PermitRootLogin without-password
 PubkeyAuthentication yes
 # Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+AuthorizedKeysFile .ssh/authorized_keys
 #AuthorizedPrincipalsFile none
@@ -55,6 +55,7 @@ PubkeyAuthentication yes
 # To disable tunneled clear text passwords, change to no here!
 #PermitEmptyPasswords no
+PasswordAuthentication no
 # Change to yes to enable challenge-response passwords (beware issues with
 # some PAM modules and threads)
@@ -67,8 +68,8 @@ ChallengeResponseAuthentication yes
 #KerberosGetAFSToken no
 # GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials no
 #GSSAPIStrictAcceptorCheck yes
 #GSSAPIKeyExchange no
@@ -88,7 +89,7 @@ UsePAM yes
 #AllowAgentForwarding yes
 AllowTcpForwarding yes
 #GatewayPorts no
-X11Forwarding no
+X11Forwarding no
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes
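Review bot: In the `@@ -55,6 +55,7 @@` hunk, `PasswordAuthentication no` does not by itself stop password logins, because the header context of the two following hunks shows `ChallengeResponseAuthentication yes` and `UsePAM yes` still set, and keyboard-interactive authentication through PAM can prompt for and accept an account password. If key-only login is the intent, change that line to `ChallengeResponseAuthentication no`. If it is kept on for a PAM second factor, say so in a comment above it and confirm that the PAM stack used by sshd does not fall through to the plain password module. The stock comment right below the added line (`# Change to yes to enable challenge-response passwords`) describes this same path.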
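Review bot: In the `@@ -67,8 +68,8 @@` hunk both GSSAPI settings move away from the values that the removed commented lines documented, and the commit message gives no reason for it. `GSSAPIAuthentication yes` enables an extra authentication method that is only useful when the hosts take part in a Kerberos realm, and `GSSAPICleanupCredentials no` leaves each user's credential cache in place after logout instead of destroying it. Unless Kerberos login is actually in use, keep `GSSAPIAuthentication no`; in either case prefer `GSSAPICleanupCredentials yes`.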
@@ -97,7 +98,7 @@ PrintMotd no
 #TCPKeepAlive yes
 #UseLogin no
 #UsePrivilegeSeparation sandbox
-#PermitUserEnvironment no
+PermitUserEnvironment yes
 #Compression delayed
 #ClientAliveInterval 0
 #ClientAliveCountMax 3
@@ -115,14 +116,13 @@ PrintMotd no
 AcceptEnv LANG LC_*
 # override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
+Subsystem sftp /usr/lib/openssh/sftp-server
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
-ClientAliveInterval 120
-PasswordAuthentication no
+ClientAliveInterval 120
\ No newline at end of file
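Review bot: `PermitUserEnvironment yes` in the `@@ -97,7 +98,7 @@` hunk lets every account set environment variables for its own sessions through `~/.ssh/environment` and `environment=` options in `authorized_keys`, and sshd_config(5) warns that this can let users bypass access restrictions with variables such as `LD_PRELOAD`. That weakens any key that is meant to be confined by a forced command or a restricted shell. The commit message gives no reason for the change, so keep `PermitUserEnvironment no`. If particular variables have to reach the session, naming them on the existing `AcceptEnv LANG LC_*` line is the narrower option.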
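Review bot: The new side of the `@@ -115,14 +116,13 @@` hunk ends with `ClientAliveInterval 120` and no trailing newline (`\ No newline at end of file`), so a directive appended later by a task or by hand can end up joined to that line; end the file with a newline. Most of the other changed lines in this hunk, and those in the `@@ -1,4 +1,4 @@` and `@@ -88,7 +89,7 @@` hunks, appear to differ only in whitespace, which buries the handful of settings that change sshd's behaviour. Splitting the whitespace clean-up into its own commit would make the security-relevant edits easier to review.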