alxwr
6 years ago
2 changed files with 0 additions and 12 deletions
+ 0
- 8
openssh/files/sshd_config
View File
| {#- Privilege Separation is turned on for security -#} | {#- Privilege Separation is turned on for security -#} | ||||
| {{- option('UsePrivilegeSeparation') -}} | {{- option('UsePrivilegeSeparation') -}} | ||||
| {#- Lifetime and size of ephemeral version 1 server key -#} | |||||
| {{- option('KeyRegenerationInterval') -}} | |||||
| {{- option('ServerKeyBits') -}} | |||||
| {#- Logging -#} | {#- Logging -#} | ||||
| {{- option('SyslogFacility') -}} | {{- option('SyslogFacility') -}} | ||||
| {{- option('LogLevel') -}} | {{- option('LogLevel') -}} | ||||
| {{- option('MaxAuthTries') -}} | {{- option('MaxAuthTries') -}} | ||||
| {{- option('MaxSessions') -}} | {{- option('MaxSessions') -}} | ||||
| {{- option('DSAAuthentication') -}} | |||||
| {{- option('RSAAuthentication') -}} | |||||
| {{- option('PubkeyAuthentication') -}} | {{- option('PubkeyAuthentication') -}} | ||||
| {{- option('AuthorizedKeysFile') -}} | {{- option('AuthorizedKeysFile') -}} | ||||
| {{- option('AuthorizedKeysCommand') -}} | {{- option('AuthorizedKeysCommand') -}} | ||||
| {#- Don't read the user's ~/.rhosts and ~/.shosts files -#} | {#- Don't read the user's ~/.rhosts and ~/.shosts files -#} | ||||
| {{- option('IgnoreRhosts') -}} | {{- option('IgnoreRhosts') -}} | ||||
| {#- For this to work you will also need host keys in /etc/ssh_known_hosts -#} | |||||
| {{- option('RhostsRSAAuthentication') -}} | |||||
| {#- similar for protocol version 2 -#} | {#- similar for protocol version 2 -#} | ||||
| {{- option('HostbasedAuthentication') -}} | {{- option('HostbasedAuthentication') -}} | ||||
| {#- Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication -#} | {#- Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication -#} |
+ 0
- 4
pillar.example
View File
| - /etc/ssh/ssh_host_ecdsa_key | - /etc/ssh/ssh_host_ecdsa_key | ||||
| - /etc/ssh/ssh_host_ed25519_key | - /etc/ssh/ssh_host_ed25519_key | ||||
| UsePrivilegeSeparation: 'sandbox' | UsePrivilegeSeparation: 'sandbox' | ||||
| KeyRegenerationInterval: 3600 | |||||
| ServerKeyBits: 1024 | |||||
| SyslogFacility: AUTH | SyslogFacility: AUTH | ||||
| LogLevel: INFO | LogLevel: INFO | ||||
| ClientAliveInterval: 0 | ClientAliveInterval: 0 | ||||
| StrictModes: 'yes' | StrictModes: 'yes' | ||||
| MaxAuthTries: 6 | MaxAuthTries: 6 | ||||
| MaxSessions: 10 | MaxSessions: 10 | ||||
| RSAAuthentication: 'yes' | |||||
| PubkeyAuthentication: 'yes' | PubkeyAuthentication: 'yes' | ||||
| AuthorizedKeysCommand: '/usr/bin/sss_ssh_authorizedkeys' | AuthorizedKeysCommand: '/usr/bin/sss_ssh_authorizedkeys' | ||||
| AuthorizedKeysCommandUser: 'nobody' | AuthorizedKeysCommandUser: 'nobody' | ||||
| IgnoreRhosts: 'yes' | IgnoreRhosts: 'yes' | ||||
| RhostsRSAAuthentication: 'no' | |||||
| HostbasedAuthentication: 'no' | HostbasedAuthentication: 'no' | ||||
| PermitEmptyPasswords: 'no' | PermitEmptyPasswords: 'no' | ||||
| ChallengeResponseAuthentication: 'no' | ChallengeResponseAuthentication: 'no' |
Loading…