Bohdan Kmit
10 years ago
2 changed files with 4 additions and 1 deletions
+ 2
- 1
openssh/files/sshd_config
View File
| @@ -54,7 +54,7 @@ | |||
| {{ option_default_uncommented('Protocol', 2) }} | |||
| # HostKeys for protocol version 2 | |||
| {{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key']) -}} | |||
| {{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']) -}} | |||
| #Privilege Separation is turned on for security | |||
| {{ option_default_uncommented('UsePrivilegeSeparation', 'yes') }} | |||
| @@ -92,6 +92,7 @@ | |||
| # Change to yes to enable challenge-response passwords (beware issues with | |||
| # some PAM modules and threads) | |||
| {{ option_default_uncommented('ChallengeResponseAuthentication', 'no') }} | |||
| {{ option('AuthenticationMethods', 'publickey,keyboard-interactive') }} | |||
| # Change to no to disable tunnelled clear text passwords | |||
| {{ option('PasswordAuthentication', 'yes') }} | |||
+ 2
- 0
pillar.example
View File
| @@ -5,6 +5,7 @@ sshd_config: | |||
| - /etc/ssh/ssh_host_rsa_key | |||
| - /etc/ssh/ssh_host_dsa_key | |||
| - /etc/ssh/ssh_host_ecdsa_key | |||
| - /etc/ssh/ssh_host_ed25519_key | |||
| UsePrivilegeSeparation: 'yes' | |||
| KeyRegenerationInterval: 3600 | |||
| ServerKeyBits: 768 | |||
| @@ -21,6 +22,7 @@ sshd_config: | |||
| HostbasedAuthentication: 'no' | |||
| PermitEmptyPasswords: 'no' | |||
| ChallengeResponseAuthentication: 'no' | |||
| AuthenticationMethods 'publickey,keyboard-interactive' | |||
| X11Forwarding: 'yes' | |||
| X11DisplayOffset: 10 | |||
| PrintMotd: 'no' | |||
Loading…