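# Logging
# VERBOSE makes sshd record the fingerprint of the key or certificate used
# for each login, which is what ties a session to a specific credential.
LogLevel VERBOSE
# Authentication events go to the AUTH syslog facility.
# NOTE(review): confirm the syslog daemon routes this facility to a file
# with restricted read access and forwards it off-host.
SyslogFacility AUTH

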
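# Authentication
# Direct root logins are refused, so every session starts as a named account.
PermitRootLogin no
# sshd checks ownership and modes of the user's files and home directory
# before accepting a login.
StrictModes yes

# publickey is the only method that can complete authentication. The
# explicit "no" settings for the other methods below are defence in depth.
AuthenticationMethods publickey
PubkeyAuthentication yes

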
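# Disable Other Authentication Methods
# ChallengeResponseAuthentication is a deprecated alias for
# KbdInteractiveAuthentication in newer OpenSSH releases; setting both keeps
# the intent explicit on older and newer daemons.
ChallengeResponseAuthentication no
GSSAPIAuthentication no
HostbasedAuthentication no
KbdInteractiveAuthentication no
KerberosAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no
# NOTE(review): UsePAM no also skips PAM account and session processing, not
# only PAM authentication. Any control the host enforces through PAM
# (account expiry, access rules, resource limits) is not applied to SSH
# logins - confirm this is intended.
UsePAM no

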
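# Certificates
# No per-user authorized_keys file is consulted. Together with
# TrustedUserCAKeys this means only certificates signed by the listed CA can
# authenticate; a raw public key placed in a home directory is ignored.
AuthorizedKeysFile none
# Public half of the user CA. Anyone who can write this file can mint valid
# logins, so it must be root-owned and not writable by anyone else.
TrustedUserCAKeys /etc/ssh/ca.pub
# A certificate is accepted for account %u only if one of its principals is
# listed in that account's file.
# NOTE(review): an account without a principals file presumably cannot log
# in at all - verify on a test host. Keep the directory and its files
# root-owned so users cannot grant themselves principals.
AuthorizedPrincipalsFile /etc/ssh/principals/%u
# NOTE(review): no RevokedKeys directive is set, so a leaked certificate
# stays valid until it expires. Keep certificate lifetimes short, or
# distribute a key revocation list and enable:
#   RevokedKeys <PATH_TO_KRL>
# Deploy the file before enabling the directive: if sshd cannot read it,
# public key authentication is refused for all users.

# Host identity: clients that trust the host CA verify this certificate
# instead of relying on trust-on-first-use of the raw host key.
# NOTE(review): only an RSA host key and certificate are offered. Consider
# also issuing an Ed25519 host key and certificate.
HostKey /etc/ssh/ssh_host_rsa_key
HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub

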
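# Capability Limits
# Agent, Unix-socket and TCP forwarding are all refused.
# Caveat from sshd_config(5): disabling forwarding does not improve security
# unless users are also denied shell access, because they can run their own
# forwarders. This file grants a TTY (PermitTTY yes), so treat these
# settings as reducing convenience paths, not as a network boundary.
AllowAgentForwarding no
AllowStreamLocalForwarding no
AllowTcpForwarding no

# Remote-forwarded ports would bind to loopback only. This has no effect
# while TCP forwarding is off and is kept as defence in depth.
GatewayPorts no

# No listen or connect targets are permitted even if forwarding were
# re-enabled, for example in a Match block.
PermitListen none
PermitOpen none

# No tun device forwarding (layer-2 or layer-3 VPN over SSH).
PermitTunnel no
# ~/.ssh/environment and environment= options are ignored, so users cannot
# inject variables that alter how the session's programs load or run.
PermitUserEnvironment no
# ~/.ssh/rc is not executed at login.
PermitUserRC no

PrintMotd no

# X11 forwarding is off. X11UseLocalhost only matters if it is turned on
# again and is kept so that the proxy display would bind to loopback.
X11Forwarding no
X11UseLocalhost yes

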
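# Interactive Terminal
# Interactive shells are allowed. For accounts that only run fixed commands,
# a Match block with PermitTTY no and ForceCommand narrows this further.
PermitTTY yes

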
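# Rate Limit
# These are per-connection and daemon-wide caps, not per-source throttling.
# Per-address limits need PerSourceMaxStartups (newer OpenSSH) or a
# firewall or log-driven blocker in front of sshd.
# Seconds an unauthenticated connection may stay open.
LoginGraceTime 20
# Authentication attempts allowed per connection. Clients whose agent offers
# several keys or certificates can use these up before the right one is tried.
MaxAuthTries 3
# Sessions (shell, exec, subsystem) multiplexed over one network connection.
MaxSessions 10
# start:rate:full - once 10 unauthenticated connections are pending, new
# ones are dropped with 30% probability, rising to 100% at 100 pending.
MaxStartups 10:30:100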