salt
/
openssh-formula
forkeado de ExternalMirrors/openssh-formula
Seguir 1
Destacar 0
Fork 0
Código Lanzamientos 0 Actividad
Saltstack Official OpenSSH Formula
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
21 Commits
1 Rama
Árbol: e2cddca13e
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'e2cddca13e'
${ noResults }
openssh-formula/openssh/files/sshd_config

106 líneas
3.0KB
Original Blame Histórico 

  1. {% set sshd_config = pillar.get('sshd_config', {}) %}

  2. 

  3. # This file is managed by salt. Manual changes risk being overwritten.

  4. # The contents of the original sshd_config are kept on the bottom for

  5. # quick reference.

  6. # See the sshd_config(5) manpage for details

  7. 

  8. {% for keyword, argument in sshd_config.iteritems() %}

  9.     {%- if argument is sameas true %}

  10. {{ keyword }} yes

  11.     {%- elif argument is sameas false %}

  12. {{ keyword }} no

  13.     {%- elif argument is string or argument is number %}

  14. {{ keyword }} {{ argument }}

  15.     {%- else %}

  16.         {%- for item in argument %}

  17. {{ keyword }} {{ item }}

  18.         {%- endfor %}

  19.     {%- endif %}

  20. {%- endfor %}

  21. 

  22. # What ports, IPs and protocols we listen for

  23. #Port 22

  24. # Use these options to restrict which interfaces/protocols sshd will bind to

  25. #ListenAddress ::

  26. #ListenAddress 0.0.0.0

  27. #Protocol 2

  28. # HostKeys for protocol version 2

  29. #HostKey /etc/ssh/ssh_host_rsa_key

  30. #HostKey /etc/ssh/ssh_host_dsa_key

  31. #HostKey /etc/ssh/ssh_host_ecdsa_key

  32. #Privilege Separation is turned on for security

  33. #UsePrivilegeSeparation yes

  34. 

  35. # Lifetime and size of ephemeral version 1 server key

  36. #KeyRegenerationInterval 3600

  37. #ServerKeyBits 768

  38. 

  39. # Logging

  40. #SyslogFacility AUTH

  41. #LogLevel INFO

  42. 

  43. # Authentication:

  44. #LoginGraceTime 120

  45. #PermitRootLogin yes

  46. #StrictModes yes

  47. 

  48. #RSAAuthentication yes

  49. #PubkeyAuthentication yes

  50. #AuthorizedKeysFile	%h/.ssh/authorized_keys

  51. 

  52. # Don't read the user's ~/.rhosts and ~/.shosts files

  53. #IgnoreRhosts yes

  54. # For this to work you will also need host keys in /etc/ssh_known_hosts

  55. #RhostsRSAAuthentication no

  56. # similar for protocol version 2

  57. #HostbasedAuthentication no

  58. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication

  59. #IgnoreUserKnownHosts yes

  60. 

  61. # To enable empty passwords, change to yes (NOT RECOMMENDED)

  62. #PermitEmptyPasswords no

  63. 

  64. # Change to yes to enable challenge-response passwords (beware issues with

  65. # some PAM modules and threads)

  66. #ChallengeResponseAuthentication no

  67. 

  68. # Change to no to disable tunnelled clear text passwords

  69. #PasswordAuthentication yes

  70. 

  71. # Kerberos options

  72. #KerberosAuthentication no

  73. #KerberosGetAFSToken no

  74. #KerberosOrLocalPasswd yes

  75. #KerberosTicketCleanup yes

  76. 

  77. # GSSAPI options

  78. #GSSAPIAuthentication no

  79. #GSSAPICleanupCredentials yes

  80. 

  81. #X11Forwarding yes

  82. #X11DisplayOffset 10

  83. #PrintMotd no

  84. #PrintLastLog yes

  85. #TCPKeepAlive yes

  86. #UseLogin no

  87. 

  88. #MaxStartups 10:30:60

  89. #Banner /etc/issue.net

  90. 

  91. # Allow client to pass locale environment variables

  92. #AcceptEnv LANG LC_*

  93. 

  94. #Subsystem sftp /usr/lib/openssh/sftp-server

  95. 

  96. # Set this to 'yes' to enable PAM authentication, account processing,

  97. # and session processing. If this is enabled, PAM authentication will

  98. # be allowed through the ChallengeResponseAuthentication and

  99. # PasswordAuthentication.  Depending on your PAM configuration,

  100. # PAM authentication via ChallengeResponseAuthentication may bypass

  101. # the setting of "PermitRootLogin without-password".

  102. # If you just want the PAM account and session checks to run without

  103. # PAM authentication, then enable this but set PasswordAuthentication

  104. # and ChallengeResponseAuthentication to 'no'.

  105. #UsePAM yes