# https://github.com/drduh/config/blob/master/sshd_config
# https://linux.die.net/man/5/sshd_config
# --- Network exposure ---
# Listen on TCP 22, IPv4 only (AddressFamily inet), on every IPv4 interface.
# The commented ListenAddress lines are alternatives that bind to a single
# address instead of 0.0.0.0.
# NOTE(review): 0.0.0.0 exposes sshd on all interfaces; if the host has a
# dedicated management address, binding to it (or firewalling port 22)
# narrows the attack surface.
Port 22
AddressFamily inet
#ListenAddress 172.16.1.1
#ListenAddress 10.8.1.1
ListenAddress 0.0.0.0

# --- Host keys ---
# NOTE(review): ssh_host_key is the conventional file name of the legacy
# protocol-1 host key; confirm the file exists and is still wanted.
# NOTE(review): HostKeyAlgorithms below offers ssh-ed25519, but no Ed25519
# key file is listed here. A host key algorithm can only be used when a
# matching key is loaded, so unless ssh_host_key holds an Ed25519 key the
# server will present RSA only. Verify with `sshd -T` on the target host.
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key

# --- Access control ---
# Only the login name "sysadm" may authenticate; every other account is
# refused regardless of its keys.
AllowUsers sysadm

# --- Cryptographic policy ---
# Ciphers: AEAD modes only (ChaCha20-Poly1305, AES-256-GCM).
# MACs: encrypt-then-MAC HMAC-SHA2-512. Both listed ciphers carry their own
# integrity tag, so the MAC list only matters if a non-AEAD cipher is added.
# KexAlgorithms: Curve25519, plus Diffie-Hellman group exchange with SHA-256.
# Group exchange picks its group from the server's moduli file, so the
# strength of that fallback depends on small moduli having been removed.
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
# NOTE(review): ssh-rsa and ssh-rsa-cert-v01@openssh.com are RSA signatures
# over SHA-1, which newer OpenSSH releases disable by default. rsa-sha2-512 /
# rsa-sha2-256 (and their -cert-v01@openssh.com forms) are the SHA-2
# equivalents for the same RSA key; confirm client compatibility before
# switching.
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
# Renegotiate session keys after 256 MB of traffic or one hour, whichever
# comes first.
RekeyLimit 256M 1H

# --- Logging ---
# VERBOSE records the fingerprint of the key used for each login, which is
# what lets an audit tie a session to a specific authorized key.
SyslogFacility AUTH
LogLevel VERBOSE

# --- Connection and authentication limits ---
# LoginGraceTime: drop a connection that has not authenticated within 10 s.
# MaxStartups 1: allow a single unauthenticated connection at a time.
#   Availability trade-off: one stalled pre-auth connection blocks new
#   logins until it authenticates or LoginGraceTime expires.
# MaxSessions: at most 2 sessions multiplexed over one network connection.
# MaxAuthTries: at most 3 authentication attempts per connection.
LoginGraceTime 10s
MaxStartups 1
MaxSessions 2
MaxAuthTries 3
# Probe a silent client over the encrypted channel every 30 s and disconnect
# after 20 unanswered probes (about 10 minutes). This removes dead peers; it
# is not an idle timeout, because a live client answers the probes.
ClientAliveInterval 30
ClientAliveCountMax 20

# --- Authentication methods ---
# Public-key authentication only: root login, passwords, empty passwords,
# host-based trust, rhosts files and challenge-response are all disabled.
# StrictModes makes sshd check ownership and permissions of the user's home
# directory and key files before accepting a login.
# ChallengeResponseAuthentication is the older name of
# KbdInteractiveAuthentication in newer OpenSSH releases.
PermitRootLogin no
StrictModes yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
IgnoreRhosts yes
PasswordAuthentication no
PermitEmptyPasswords no
HostbasedAuthentication no
ChallengeResponseAuthentication no
# Compression is enabled only after the user has authenticated, keeping the
# compression code out of the pre-authentication attack surface.
Compression delayed

# --- Forwarding and tunnelling ---
# TCP forwarding, X11 forwarding, remote-bound forwards and tun(4) devices
# are all disabled.
# Caveat (sshd_config(5)): disabling forwarding does not stop a user who has
# shell access from installing their own forwarder.
# NOTE(review): AllowAgentForwarding and AllowStreamLocalForwarding are not
# set in this file, so the OpenSSH defaults apply to them; set both
# explicitly if the intent is "no forwarding of any kind".
AllowTcpForwarding no
X11Forwarding no
GatewayPorts no
PermitTunnel no
# TCP-level keepalives. Unlike the ClientAlive probes above these travel
# outside the encrypted channel and can be spoofed.
TCPKeepAlive yes
# No reverse DNS lookup of the client, so host-based patterns (for example
# from= in authorized_keys) must be written as addresses, not names.
UseDNS no

# --- Session environment ---
# PermitUserEnvironment no: ignore ~/.ssh/environment and environment=
# options in authorized_keys, so a user cannot inject variables such as
# LD_PRELOAD into the login environment.
PrintMotd no
PrintLastLog yes
PermitUserEnvironment no

# --- Optional features, disabled while commented out ---
# No Subsystem line is active, so SFTP is unavailable. The two paths are
# presumably the sftp-server locations on different distributions; confirm
# before enabling one.
#Subsystem sftp /usr/lib/sftp-server
#Subsystem sftp /usr/libexec/sftp-server
# User certificates are not trusted unless this CA line is enabled.
#TrustedUserCAKeys /etc/ssh/ca.pub
# Example per-user override: would re-enable TCP forwarding for "proxy" only.
# That user would also have to be added to AllowUsers to log in at all.
#Match User proxy
# AllowTcpForwarding yes