Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/sshd_config')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/sshd_config | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config index 4f9b626fbd..3553669aa0 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_config +++ b/meta/recipes-connectivity/openssh/openssh/sshd_config | |||
@@ -15,9 +15,7 @@ | |||
15 | #ListenAddress 0.0.0.0 | 15 | #ListenAddress 0.0.0.0 |
16 | #ListenAddress :: | 16 | #ListenAddress :: |
17 | 17 | ||
18 | # Disable legacy (protocol version 1) support in the server for new | 18 | # The default requires explicit activation of protocol 1 |
19 | # installations. In future the default will change to require explicit | ||
20 | # activation of protocol 1 | ||
21 | Protocol 2 | 19 | Protocol 2 |
22 | 20 | ||
23 | # HostKey for protocol version 1 | 21 | # HostKey for protocol version 1 |
@@ -25,11 +23,16 @@ Protocol 2 | |||
25 | # HostKeys for protocol version 2 | 23 | # HostKeys for protocol version 2 |
26 | #HostKey /etc/ssh/ssh_host_rsa_key | 24 | #HostKey /etc/ssh/ssh_host_rsa_key |
27 | #HostKey /etc/ssh/ssh_host_dsa_key | 25 | #HostKey /etc/ssh/ssh_host_dsa_key |
26 | #HostKey /etc/ssh/ssh_host_ecdsa_key | ||
27 | #HostKey /etc/ssh/ssh_host_ed25519_key | ||
28 | 28 | ||
29 | # Lifetime and size of ephemeral version 1 server key | 29 | # Lifetime and size of ephemeral version 1 server key |
30 | #KeyRegenerationInterval 1h | 30 | #KeyRegenerationInterval 1h |
31 | #ServerKeyBits 1024 | 31 | #ServerKeyBits 1024 |
32 | 32 | ||
33 | # Ciphers and keying | ||
34 | #RekeyLimit default none | ||
35 | |||
33 | # Logging | 36 | # Logging |
34 | # obsoletes QuietMode and FascistLogging | 37 | # obsoletes QuietMode and FascistLogging |
35 | #SyslogFacility AUTH | 38 | #SyslogFacility AUTH |
@@ -45,7 +48,15 @@ Protocol 2 | |||
45 | 48 | ||
46 | #RSAAuthentication yes | 49 | #RSAAuthentication yes |
47 | #PubkeyAuthentication yes | 50 | #PubkeyAuthentication yes |
48 | #AuthorizedKeysFile .ssh/authorized_keys | 51 | |
52 | # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 | ||
53 | # but this is overridden so installations will only check .ssh/authorized_keys | ||
54 | AuthorizedKeysFile .ssh/authorized_keys | ||
55 | |||
56 | #AuthorizedPrincipalsFile none | ||
57 | |||
58 | #AuthorizedKeysCommand none | ||
59 | #AuthorizedKeysCommandUser nobody | ||
49 | 60 | ||
50 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | 61 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts |
51 | #RhostsRSAAuthentication no | 62 | #RhostsRSAAuthentication no |
@@ -74,8 +85,8 @@ Protocol 2 | |||
74 | #GSSAPIAuthentication no | 85 | #GSSAPIAuthentication no |
75 | #GSSAPICleanupCredentials yes | 86 | #GSSAPICleanupCredentials yes |
76 | 87 | ||
77 | # Set this to 'yes' to enable PAM authentication, account processing, | 88 | # Set this to 'yes' to enable PAM authentication, account processing, |
78 | # and session processing. If this is enabled, PAM authentication will | 89 | # and session processing. If this is enabled, PAM authentication will |
79 | # be allowed through the ChallengeResponseAuthentication and | 90 | # be allowed through the ChallengeResponseAuthentication and |
80 | # PasswordAuthentication. Depending on your PAM configuration, | 91 | # PasswordAuthentication. Depending on your PAM configuration, |
81 | # PAM authentication via ChallengeResponseAuthentication may bypass | 92 | # PAM authentication via ChallengeResponseAuthentication may bypass |
@@ -91,20 +102,22 @@ Protocol 2 | |||
91 | #X11Forwarding no | 102 | #X11Forwarding no |
92 | #X11DisplayOffset 10 | 103 | #X11DisplayOffset 10 |
93 | #X11UseLocalhost yes | 104 | #X11UseLocalhost yes |
105 | #PermitTTY yes | ||
94 | #PrintMotd yes | 106 | #PrintMotd yes |
95 | #PrintLastLog yes | 107 | #PrintLastLog yes |
96 | #TCPKeepAlive yes | 108 | #TCPKeepAlive yes |
97 | #UseLogin no | 109 | #UseLogin no |
98 | UsePrivilegeSeparation yes | 110 | UsePrivilegeSeparation sandbox # Default for new installations. |
99 | #PermitUserEnvironment no | 111 | #PermitUserEnvironment no |
100 | Compression no | 112 | Compression no |
101 | ClientAliveInterval 15 | 113 | ClientAliveInterval 15 |
102 | ClientAliveCountMax 4 | 114 | ClientAliveCountMax 4 |
103 | #UseDNS yes | 115 | #UseDNS yes |
104 | #PidFile /var/run/sshd.pid | 116 | #PidFile /var/run/sshd.pid |
105 | #MaxStartups 10 | 117 | #MaxStartups 10:30:100 |
106 | #PermitTunnel no | 118 | #PermitTunnel no |
107 | #ChrootDirectory none | 119 | #ChrootDirectory none |
120 | #VersionAddendum none | ||
108 | 121 | ||
109 | # no default banner path | 122 | # no default banner path |
110 | #Banner none | 123 | #Banner none |
@@ -116,4 +129,5 @@ Subsystem sftp /usr/libexec/sftp-server | |||
116 | #Match User anoncvs | 129 | #Match User anoncvs |
117 | # X11Forwarding no | 130 | # X11Forwarding no |
118 | # AllowTcpForwarding no | 131 | # AllowTcpForwarding no |
132 | # PermitTTY no | ||
119 | # ForceCommand cvs server | 133 | # ForceCommand cvs server |
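Review bot: `UsePrivilegeSeparation sandbox` (new line 110, in the `@@ -91,20 +102,22 @@` hunk) is enabled with only the upstream remark "Default for new installations.", which does not tell an image builder what the setting depends on. The pre-auth sandbox sshd uses is chosen when OpenSSH is built. As far as I know, the Linux seccomp-filter variant only logs at debug level and carries on if the kernel rejects the filter, so a target kernel without seccomp filter support would presumably run with weaker confinement than this line suggests. That is worth confirming against the recipe's configure options and the supported kernel configs, neither of which is visible on this page. I would move the explanation to its own line above the directive, for example `# Pre-auth sandbox: effective confinement depends on the sandbox type selected at build time and on kernel support`, and keep the directive line bare, since sshd_config(5) only describes comments as lines starting with '#'.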