diff options
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/ssh_config | 12 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/sshd_config | 29 |
2 files changed, 14 insertions, 27 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config index 9e919156d3..e0d023803e 100644 --- a/meta/recipes-connectivity/openssh/openssh/ssh_config +++ b/meta/recipes-connectivity/openssh/openssh/ssh_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $ | 1 | # $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $ |
2 | 2 | ||
3 | # This is the ssh client system-wide configuration file. See | 3 | # This is the ssh client system-wide configuration file. See |
4 | # ssh_config(5) for more information. This file provides defaults for | 4 | # ssh_config(5) for more information. This file provides defaults for |
@@ -31,14 +31,14 @@ Host * | |||
31 | # AddressFamily any | 31 | # AddressFamily any |
32 | # ConnectTimeout 0 | 32 | # ConnectTimeout 0 |
33 | # StrictHostKeyChecking ask | 33 | # StrictHostKeyChecking ask |
34 | # IdentityFile ~/.ssh/identity | ||
35 | # IdentityFile ~/.ssh/id_rsa | 34 | # IdentityFile ~/.ssh/id_rsa |
36 | # IdentityFile ~/.ssh/id_dsa | 35 | # IdentityFile ~/.ssh/id_dsa |
36 | # IdentityFile ~/.ssh/id_ecdsa | ||
37 | # IdentityFile ~/.ssh/id_ed25519 | ||
37 | # Port 22 | 38 | # Port 22 |
38 | # Protocol 2,1 | 39 | # Protocol 2 |
39 | # Cipher 3des | 40 | # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc |
40 | # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc | 41 | # MACs hmac-md5,hmac-sha1,umac-64@openssh.com |
41 | # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 | ||
42 | # EscapeChar ~ | 42 | # EscapeChar ~ |
43 | # Tunnel no | 43 | # Tunnel no |
44 | # TunnelDevice any:any | 44 | # TunnelDevice any:any |
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config index b7c3ccd984..15f061b570 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_config +++ b/meta/recipes-connectivity/openssh/openssh/sshd_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ | 1 | # $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ |
2 | 2 | ||
3 | # This is the sshd server system-wide configuration file. See | 3 | # This is the sshd server system-wide configuration file. See |
4 | # sshd_config(5) for more information. | 4 | # sshd_config(5) for more information. |
@@ -7,7 +7,7 @@ | |||
7 | 7 | ||
8 | # The strategy used for options in the default sshd_config shipped with | 8 | # The strategy used for options in the default sshd_config shipped with |
9 | # OpenSSH is to specify options with their default value where | 9 | # OpenSSH is to specify options with their default value where |
10 | # possible, but leave them commented. Uncommented options change a | 10 | # possible, but leave them commented. Uncommented options override the |
11 | # default value. | 11 | # default value. |
12 | 12 | ||
13 | #Port 22 | 13 | #Port 22 |
@@ -15,42 +15,30 @@ | |||
15 | #ListenAddress 0.0.0.0 | 15 | #ListenAddress 0.0.0.0 |
16 | #ListenAddress :: | 16 | #ListenAddress :: |
17 | 17 | ||
18 | # The default requires explicit activation of protocol 1 | ||
19 | Protocol 2 | ||
20 | |||
21 | # HostKey for protocol version 1 | ||
22 | #HostKey /etc/ssh/ssh_host_key | ||
23 | # HostKeys for protocol version 2 | ||
24 | #HostKey /etc/ssh/ssh_host_rsa_key | 18 | #HostKey /etc/ssh/ssh_host_rsa_key |
25 | #HostKey /etc/ssh/ssh_host_ecdsa_key | 19 | #HostKey /etc/ssh/ssh_host_ecdsa_key |
26 | #HostKey /etc/ssh/ssh_host_ed25519_key | 20 | #HostKey /etc/ssh/ssh_host_ed25519_key |
27 | 21 | ||
28 | # Lifetime and size of ephemeral version 1 server key | ||
29 | #KeyRegenerationInterval 1h | ||
30 | #ServerKeyBits 1024 | ||
31 | |||
32 | # Ciphers and keying | 22 | # Ciphers and keying |
33 | #RekeyLimit default none | 23 | #RekeyLimit default none |
34 | 24 | ||
35 | # Logging | 25 | # Logging |
36 | # obsoletes QuietMode and FascistLogging | ||
37 | #SyslogFacility AUTH | 26 | #SyslogFacility AUTH |
38 | #LogLevel INFO | 27 | #LogLevel INFO |
39 | 28 | ||
40 | # Authentication: | 29 | # Authentication: |
41 | 30 | ||
42 | #LoginGraceTime 2m | 31 | #LoginGraceTime 2m |
43 | #PermitRootLogin yes | 32 | #PermitRootLogin prohibit-password |
44 | #StrictModes yes | 33 | #StrictModes yes |
45 | #MaxAuthTries 6 | 34 | #MaxAuthTries 6 |
46 | #MaxSessions 10 | 35 | #MaxSessions 10 |
47 | 36 | ||
48 | #RSAAuthentication yes | ||
49 | #PubkeyAuthentication yes | 37 | #PubkeyAuthentication yes |
50 | 38 | ||
51 | # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 | 39 | # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 |
52 | # but this is overridden so installations will only check .ssh/authorized_keys | 40 | # but this is overridden so installations will only check .ssh/authorized_keys |
53 | AuthorizedKeysFile .ssh/authorized_keys | 41 | AuthorizedKeysFile .ssh/authorized_keys |
54 | 42 | ||
55 | #AuthorizedPrincipalsFile none | 43 | #AuthorizedPrincipalsFile none |
56 | 44 | ||
@@ -58,11 +46,9 @@ AuthorizedKeysFile .ssh/authorized_keys | |||
58 | #AuthorizedKeysCommandUser nobody | 46 | #AuthorizedKeysCommandUser nobody |
59 | 47 | ||
60 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | 48 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts |
61 | #RhostsRSAAuthentication no | ||
62 | # similar for protocol version 2 | ||
63 | #HostbasedAuthentication no | 49 | #HostbasedAuthentication no |
64 | # Change to yes if you don't trust ~/.ssh/known_hosts for | 50 | # Change to yes if you don't trust ~/.ssh/known_hosts for |
65 | # RhostsRSAAuthentication and HostbasedAuthentication | 51 | # HostbasedAuthentication |
66 | #IgnoreUserKnownHosts no | 52 | #IgnoreUserKnownHosts no |
67 | # Don't read the user's ~/.rhosts and ~/.shosts files | 53 | # Don't read the user's ~/.rhosts and ~/.shosts files |
68 | #IgnoreRhosts yes | 54 | #IgnoreRhosts yes |
@@ -71,7 +57,8 @@ AuthorizedKeysFile .ssh/authorized_keys | |||
71 | #PasswordAuthentication yes | 57 | #PasswordAuthentication yes |
72 | #PermitEmptyPasswords no | 58 | #PermitEmptyPasswords no |
73 | 59 | ||
74 | # Change to no to disable s/key passwords | 60 | # Change to yes to enable challenge-response passwords (beware issues with |
61 | # some PAM modules and threads) | ||
75 | ChallengeResponseAuthentication no | 62 | ChallengeResponseAuthentication no |
76 | 63 | ||
77 | # Kerberos options | 64 | # Kerberos options |
@@ -110,7 +97,7 @@ ChallengeResponseAuthentication no | |||
110 | Compression no | 97 | Compression no |
111 | ClientAliveInterval 15 | 98 | ClientAliveInterval 15 |
112 | ClientAliveCountMax 4 | 99 | ClientAliveCountMax 4 |
113 | #UseDNS yes | 100 | #UseDNS no |
114 | #PidFile /var/run/sshd.pid | 101 | #PidFile /var/run/sshd.pid |
115 | #MaxStartups 10:30:100 | 102 | #MaxStartups 10:30:100 |
116 | #PermitTunnel no | 103 | #PermitTunnel no |