Explorar el Código

add ed25519 host key type; add AuthenticationMethods option

master
Bohdan Kmit hace 10 años
padre
commit
b843d8168b
Se han modificado 2 ficheros con 4 adiciones y 1 borrados
  1. +2
    -1
      openssh/files/sshd_config
  2. +2
    -0
      pillar.example

+ 2
- 1
openssh/files/sshd_config Ver fichero

@@ -54,7 +54,7 @@
{{ option_default_uncommented('Protocol', 2) }}

# HostKeys for protocol version 2
{{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key']) -}}
{{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']) -}}

#Privilege Separation is turned on for security
{{ option_default_uncommented('UsePrivilegeSeparation', 'yes') }}
@@ -92,6 +92,7 @@
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
{{ option_default_uncommented('ChallengeResponseAuthentication', 'no') }}
{{ option('AuthenticationMethods', 'publickey,keyboard-interactive') }}

# Change to no to disable tunnelled clear text passwords
{{ option('PasswordAuthentication', 'yes') }}

+ 2
- 0
pillar.example Ver fichero

@@ -5,6 +5,7 @@ sshd_config:
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_dsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation: 'yes'
KeyRegenerationInterval: 3600
ServerKeyBits: 768
@@ -21,6 +22,7 @@ sshd_config:
HostbasedAuthentication: 'no'
PermitEmptyPasswords: 'no'
ChallengeResponseAuthentication: 'no'
AuthenticationMethods 'publickey,keyboard-interactive'
X11Forwarding: 'yes'
X11DisplayOffset: 10
PrintMotd: 'no'

Cargando…
Cancelar
Guardar