Lenny/Dateiliste/sshd config
Archive: This article does not describe the functionality of the current delixs server. It describes older school server functions and is kept for archival purposes.
/etc/ssh/sshd_config
Attention: When copying and pasting, be sure to use an editor with UNIX line endings!
Note: The lines changed in the delixs school server are highlighted in yellow.
<source highlight="1,25-27" lang="text">
# delixs school server configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
MaxAuthTries 4
LoginGraceTime 30
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes
</source>
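The following check is an added example, not part of the original page or of the delixs project. It audits a copy of sshd_config for DOS line endings and for the values this page sets for MaxAuthTries, LoginGraceTime and PermitRootLogin. It assumes these are the settings meant by the highlighted lines 25-27; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not delixs project code.

# sshd_value FILE KEYWORD: print the first value set for KEYWORD.
# sshd keeps the first occurrence of a keyword and ignores case in keyword
# names. Assumption: "Keyword value" form only, no Match blocks.
sshd_value() {
    awk -v key="$2" '
        { sub(/\r$/, "") }           # strip a trailing CR so values compare cleanly
        /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# has_crlf FILE: succeed if any line ends in CR (pasted with DOS line endings).
has_crlf() {
    awk '/\r$/ { found = 1; exit } END { exit !found }' "$1"
}

# audit_delixs FILE: print findings; return status is the number of findings.
audit_delixs() {
    file=$1
    findings=0
    if has_crlf "$file"; then
        echo "CRLF line endings present"
        findings=$((findings + 1))
    fi
    # Expected values: the three settings assumed to be the highlighted lines.
    while read -r key want; do
        got=$(sshd_value "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: expected '$want', found '${got:-unset}'"
            findings=$((findings + 1))
        fi
    done <<EOF
MaxAuthTries 4
LoginGraceTime 30
PermitRootLogin no
EOF
    return "$findings"
}

# Constructed sample (not a real server's file): CRLF paste, stock values left in.
sample=$(mktemp)
printf 'Port 22\r\nMaxAuthTries 4\r\nLoginGraceTime 120\r\nPermitRootLogin yes\r\nPermitRootLogin no\r\n' > "$sample"
audit_delixs "$sample" || echo "findings: $?"
rm -f "$sample"
```

The sample shows why the first match matters: a later `PermitRootLogin no` does not override an earlier `PermitRootLogin yes`.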