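---
# SSH client and server settings, keyed by OpenSSH option name.
# NOTE(review): presumably rendered into ssh_config / sshd_config by a
# template that is not visible here. Unquoted yes/no load as booleans under
# YAML 1.1 parsers; confirm the consumer writes them back as yes/no.

ssh_client_settings:
  # Host:
  #   - Host: "*"
  #     SendEnv: LANG LC_*
  #     HashKnownHosts: yes
  # NOTE(review): ForwardAgent sits at the top level, not under a Host entry
  # (the Host example above is commented out), so it presumably applies to
  # every destination. Any server that is connected to can then use the
  # forwarded agent for the lifetime of the session; consider enabling it
  # per host, or using ProxyJump where only a hop is needed.
  ForwardAgent: yes
  HashKnownHosts: yes


ssh_server_settings:
  Port: 22
  # NOTE(review): Protocol is a deprecated sshd_config keyword on current
  # OpenSSH releases, which only speak protocol 2; confirm the target
  # version still accepts it without a warning.
  Protocol: 2
  HostKey:
    - /etc/ssh/ssh_host_rsa_key
    - /etc/ssh/ssh_host_ecdsa_key
    - /etc/ssh/ssh_host_ed25519_key
  SyslogFacility: AUTH
  LogLevel: INFO
  # Root may log in, but not with a password.
  PermitRootLogin: prohibit-password
  PubkeyAuthentication: yes
  PermitEmptyPasswords: no
  # A comma-separated list means every listed method must succeed, in order:
  # public key first, then keyboard-interactive.
  # The ':' was missing on this line, which made the mapping invalid YAML.
  AuthenticationMethods: publickey,keyboard-interactive
  # Keyboard-interactive stays enabled because AuthenticationMethods requires
  # it; with UsePAM it is driven by the PAM stack.
  # NOTE(review): confirm that stack asks for a second factor and not just
  # the account password.
  ChallengeResponseAuthentication: yes
  PasswordAuthentication: no
  X11Forwarding: no
  PrintMotd: no
  PrintLastLog: yes
  AcceptEnv: LANG LC_*
  Subsystem:
    - sftp /usr/lib/openssh/sftp-server
  UsePAM: yes

  # Hardened cipher list
  KexAlgorithms: curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
  Ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  MACs: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512
  # NOTE(review): ssh-rsa is the RSA signature scheme over SHA-1, which does
  # not fit a hardened list; rsa-sha2-512 and rsa-sha2-256 use the same RSA
  # host key with SHA-2. No ecdsa-* algorithm is listed either, so the ECDSA
  # key under HostKey would never be offered. Left unchanged because the
  # client population is not visible here; align this list with HostKey.
  HostKeyAlgorithms: ssh-rsa,ssh-ed25519

  # Match:
  #   - Match: "*"
  #     AllowAgentForwarding: yes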