소스 검색

add ed25519 host key type; add AuthenticationMethods option

master
Bohdan Kmit 10 년 전
부모
커밋
b843d8168b
2개의 변경된 파일4개의 추가작업 그리고 1개의 파일을 삭제
  1. +2
    -1
      openssh/files/sshd_config
  2. +2
    -0
      pillar.example

+ 2
- 1
openssh/files/sshd_config 파일 보기

@@ -54,7 +54,7 @@
{{ option_default_uncommented('Protocol', 2) }}

# HostKeys for protocol version 2
{{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key']) -}}
{{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']) -}}

#Privilege Separation is turned on for security
{{ option_default_uncommented('UsePrivilegeSeparation', 'yes') }}
@@ -92,6 +92,7 @@
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
{{ option_default_uncommented('ChallengeResponseAuthentication', 'no') }}
{{ option('AuthenticationMethods', 'publickey,keyboard-interactive') }}

# Change to no to disable tunnelled clear text passwords
{{ option('PasswordAuthentication', 'yes') }}

+ 2
- 0
pillar.example 파일 보기

@@ -5,6 +5,7 @@ sshd_config:
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_dsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation: 'yes'
KeyRegenerationInterval: 3600
ServerKeyBits: 768
@@ -21,6 +22,7 @@ sshd_config:
HostbasedAuthentication: 'no'
PermitEmptyPasswords: 'no'
ChallengeResponseAuthentication: 'no'
AuthenticationMethods 'publickey,keyboard-interactive'
X11Forwarding: 'yes'
X11DisplayOffset: 10
PrintMotd: 'no'

Loading…
취소
저장