diff options
Diffstat (limited to 'meta/recipes-connectivity/openssh')
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh/ssh_config | 4 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh/sshd_config | 15 |
2 files changed, 9 insertions, 10 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config index e0d023803e..05eecb465f 100644 --- a/meta/recipes-connectivity/openssh/openssh/ssh_config +++ b/meta/recipes-connectivity/openssh/openssh/ssh_config | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $ | 1 | # $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $ |
| 2 | 2 | ||
| 3 | # This is the ssh client system-wide configuration file. See | 3 | # This is the ssh client system-wide configuration file. See |
| 4 | # ssh_config(5) for more information. This file provides defaults for | 4 | # ssh_config(5) for more information. This file provides defaults for |
| @@ -36,7 +36,6 @@ Host * | |||
| 36 | # IdentityFile ~/.ssh/id_ecdsa | 36 | # IdentityFile ~/.ssh/id_ecdsa |
| 37 | # IdentityFile ~/.ssh/id_ed25519 | 37 | # IdentityFile ~/.ssh/id_ed25519 |
| 38 | # Port 22 | 38 | # Port 22 |
| 39 | # Protocol 2 | ||
| 40 | # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc | 39 | # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc |
| 41 | # MACs hmac-md5,hmac-sha1,umac-64@openssh.com | 40 | # MACs hmac-md5,hmac-sha1,umac-64@openssh.com |
| 42 | # EscapeChar ~ | 41 | # EscapeChar ~ |
| @@ -46,3 +45,4 @@ Host * | |||
| 46 | # VisualHostKey no | 45 | # VisualHostKey no |
| 47 | # ProxyCommand ssh -q -W %h:%p gateway.example.com | 46 | # ProxyCommand ssh -q -W %h:%p gateway.example.com |
| 48 | # RekeyLimit 1G 1h | 47 | # RekeyLimit 1G 1h |
| 48 | # UserKnownHostsFile ~/.ssh/known_hosts.d/%k | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config index 15f061b570..9c53805890 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_config +++ b/meta/recipes-connectivity/openssh/openssh/sshd_config | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ | 1 | # $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ |
| 2 | 2 | ||
| 3 | # This is the sshd server system-wide configuration file. See | 3 | # This is the sshd server system-wide configuration file. See |
| 4 | # sshd_config(5) for more information. | 4 | # sshd_config(5) for more information. |
| @@ -57,9 +57,9 @@ AuthorizedKeysFile .ssh/authorized_keys | |||
| 57 | #PasswordAuthentication yes | 57 | #PasswordAuthentication yes |
| 58 | #PermitEmptyPasswords no | 58 | #PermitEmptyPasswords no |
| 59 | 59 | ||
| 60 | # Change to yes to enable challenge-response passwords (beware issues with | 60 | # Change to yes to enable keyboard-interactive authentication (beware issues |
| 61 | # some PAM modules and threads) | 61 | # with some PAM modules and threads) |
| 62 | ChallengeResponseAuthentication no | 62 | KbdInteractiveAuthentication no |
| 63 | 63 | ||
| 64 | # Kerberos options | 64 | # Kerberos options |
| 65 | #KerberosAuthentication no | 65 | #KerberosAuthentication no |
| @@ -73,13 +73,13 @@ ChallengeResponseAuthentication no | |||
| 73 | 73 | ||
| 74 | # Set this to 'yes' to enable PAM authentication, account processing, | 74 | # Set this to 'yes' to enable PAM authentication, account processing, |
| 75 | # and session processing. If this is enabled, PAM authentication will | 75 | # and session processing. If this is enabled, PAM authentication will |
| 76 | # be allowed through the ChallengeResponseAuthentication and | 76 | # be allowed through the KbdInteractiveAuthentication and |
| 77 | # PasswordAuthentication. Depending on your PAM configuration, | 77 | # PasswordAuthentication. Depending on your PAM configuration, |
| 78 | # PAM authentication via ChallengeResponseAuthentication may bypass | 78 | # PAM authentication via KbdInteractiveAuthentication may bypass |
| 79 | # the setting of "PermitRootLogin without-password". | 79 | # the setting of "PermitRootLogin without-password". |
| 80 | # If you just want the PAM account and session checks to run without | 80 | # If you just want the PAM account and session checks to run without |
| 81 | # PAM authentication, then enable this but set PasswordAuthentication | 81 | # PAM authentication, then enable this but set PasswordAuthentication |
| 82 | # and ChallengeResponseAuthentication to 'no'. | 82 | # and KbdInteractiveAuthentication to 'no'. |
| 83 | #UsePAM no | 83 | #UsePAM no |
| 84 | 84 | ||
| 85 | #AllowAgentForwarding yes | 85 | #AllowAgentForwarding yes |
| @@ -92,7 +92,6 @@ ChallengeResponseAuthentication no | |||
| 92 | #PrintMotd yes | 92 | #PrintMotd yes |
| 93 | #PrintLastLog yes | 93 | #PrintLastLog yes |
| 94 | #TCPKeepAlive yes | 94 | #TCPKeepAlive yes |
| 95 | #UseLogin no | ||
| 96 | #PermitUserEnvironment no | 95 | #PermitUserEnvironment no |
| 97 | Compression no | 96 | Compression no |
| 98 | ClientAliveInterval 15 | 97 | ClientAliveInterval 15 |