44 lines
1.2 KiB
Django/Jinja
44 lines
1.2 KiB
Django/Jinja
Include /etc/ssh/sshd_config.d/*.conf
|
|
|
|
Port 22
|
|
AddressFamily any
|
|
ListenAddress 0.0.0.0
|
|
ListenAddress ::
|
|
|
|
SyslogFacility AUTH
|
|
LogLevel INFO
|
|
|
|
# Authentication:
|
|
LoginGraceTime 2m
|
|
PermitRootLogin without-password
|
|
MaxAuthTries 6
|
|
|
|
PubkeyAuthentication yes
|
|
|
|
# To disable tunneled clear text passwords, change to no here!
|
|
PasswordAuthentication no
|
|
PermitEmptyPasswords no
|
|
|
|
# Change to yes to enable challenge-response passwords (beware issues with
|
|
# some PAM modules and threads)
|
|
KbdInteractiveAuthentication no
|
|
|
|
# Set this to 'yes' to enable PAM authentication, account processing,
|
|
# and session processing. If this is enabled, PAM authentication will
|
|
# be allowed through the KbdInteractiveAuthentication and
|
|
# PasswordAuthentication. Depending on your PAM configuration,
|
|
# PAM authentication via KbdInteractiveAuthentication may bypass
|
|
# the setting of "PermitRootLogin prohibit-password".
|
|
# If you just want the PAM account and session checks to run without
|
|
# PAM authentication, then enable this but set PasswordAuthentication
|
|
# and KbdInteractiveAuthentication to 'no'.
|
|
UsePAM yes
|
|
|
|
X11Forwarding yes
|
|
PrintMotd no
|
|
|
|
# Allow client to pass locale environment variables
|
|
AcceptEnv LANG LC_*
|
|
|
|
# override default of no subsystems
|
|
Subsystem sftp /usr/lib/openssh/sftp-server |