Browse Source

add ed25519 host key type; add AuthenticationMethods option

master
Bohdan Kmit 10 years ago
parent
commit
b843d8168b
2 changed files with 4 additions and 1 deletions
  1. +2
    -1
      openssh/files/sshd_config
  2. +2
    -0
      pillar.example

+ 2
- 1
openssh/files/sshd_config View File

{{ option_default_uncommented('Protocol', 2) }} {{ option_default_uncommented('Protocol', 2) }}


# HostKeys for protocol version 2 # HostKeys for protocol version 2
{{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key']) -}}
{{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']) -}}


#Privilege Separation is turned on for security #Privilege Separation is turned on for security
{{ option_default_uncommented('UsePrivilegeSeparation', 'yes') }} {{ option_default_uncommented('UsePrivilegeSeparation', 'yes') }}
# Change to yes to enable challenge-response passwords (beware issues with # Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads) # some PAM modules and threads)
{{ option_default_uncommented('ChallengeResponseAuthentication', 'no') }} {{ option_default_uncommented('ChallengeResponseAuthentication', 'no') }}
{{ option('AuthenticationMethods', 'publickey,keyboard-interactive') }}


# Change to no to disable tunnelled clear text passwords # Change to no to disable tunnelled clear text passwords
{{ option('PasswordAuthentication', 'yes') }} {{ option('PasswordAuthentication', 'yes') }}

+ 2
- 0
pillar.example View File

- /etc/ssh/ssh_host_rsa_key - /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_dsa_key - /etc/ssh/ssh_host_dsa_key
- /etc/ssh/ssh_host_ecdsa_key - /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation: 'yes' UsePrivilegeSeparation: 'yes'
KeyRegenerationInterval: 3600 KeyRegenerationInterval: 3600
ServerKeyBits: 768 ServerKeyBits: 768
HostbasedAuthentication: 'no' HostbasedAuthentication: 'no'
PermitEmptyPasswords: 'no' PermitEmptyPasswords: 'no'
ChallengeResponseAuthentication: 'no' ChallengeResponseAuthentication: 'no'
AuthenticationMethods 'publickey,keyboard-interactive'
X11Forwarding: 'yes' X11Forwarding: 'yes'
X11DisplayOffset: 10 X11DisplayOffset: 10
PrintMotd: 'no' PrintMotd: 'no'

Loading…
Cancel
Save