From: Simon Ruderich
Date: Wed, 27 Feb 2013 04:21:11 +0000 (+0100)
Subject: sshd_config: Add.
X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=1fb61af84ab18d053a2fcb5f0cbb35e0a9c5965a;p=config%2Fdotfiles.git

sshd_config: Add.
---

diff --git a/sshd_config b/sshd_config
new file mode 100644
index 0000000..8f21c33
--- /dev/null
+++ b/sshd_config
@@ -0,0 +1,60 @@
+# SSH daemon configuration file.
+#
+# Some options are set even if they are default to document that they are
+# important and to prevent upstream changes from affecting them.
+
+# Copyright (C) 2013 Simon Ruderich
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see .
+
+
+# Listen on port 22 (default).
+Port 22
+
+# Only use protocol 2. Protocol 1 is insecure. (default)
+Protocol 2
+
+# Use privilege separation for increased security.
+UsePrivilegeSeparation yes
+
+# Don't use PAM because it may circumvent other authentication methods used
+# below (default).
+UsePAM no
+# Disable authentication methods I don't use.
+ChallengeResponseAuthentication no
+GSSAPIAuthentication no
+HostbasedAuthentication no
+KerberosAuthentication no
+PasswordAuthentication no
+# Only enable those I need.
+PubkeyAuthentication yes
+
+# Don't allow empty passwords (default).
+PermitEmptyPasswords no
+# Allow root-login only with public keys.
+PermitRootLogin without-password
+
+# Be strict when checking user file permissions (default).
+StrictModes yes
+
+# Don't accept any environment variables from the client (default).
+AcceptEnv
+# Don't use ~/.ssh/environment and environment= options in
+# ~/.ssh/authorized_keys because LD_PRELOAD could be used to circumvent
+# authentications (default).
+PermitUserEnvironment no
+
+
+# Only allow logins for certain users.
+AllowUsers root
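Review bot: The bare `AcceptEnv` line near the end of the hunk sets nothing: sshd accepts no client environment variables unless a pattern is listed, so an argument-less directive adds no protection, and some OpenSSH versions may refuse a keyword with no argument (worth checking with `sshd -t` before deploying). I would drop the directive and keep the intent as a comment, e.g. `# AcceptEnv is deliberately left unset: no client environment variables are accepted (default).` Separately, if the installed OpenSSH supports it, `UsePrivilegeSeparation sandbox` also applies a sandbox to the unprivileged pre-authentication process, which `yes` alone does not. The comment above `UsePAM no` could also say that PAM account and session modules are skipped for all logins, not only PAM authentication, so anything relying on them has to be covered another way.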