source: branches/wsgi/packages/sipb-xen-console/files/etc/ssh/sshd_config.sipb-xen @ 914

Last change on this file since 914 was 380, checked in by broder, 17 years ago

Added configuration changes for Kerberos and passwordless SSH, and fixed some miscellaneous things.

I know that /etc/pam.d/ssh and /etc/ssh/sshd_config should probably be done with the other debathena config magic, but I just don't understand it, and also, my Perl-fu isn't good enough

File size: 1.4 KB
Line 
1Port 22
2Protocol 2
3# HostKeys for protocol version 2
4HostKey /etc/ssh/ssh_host_rsa_key
5HostKey /etc/ssh/ssh_host_dsa_key
6#Privilege Separation is turned on for security
7UsePrivilegeSeparation yes
8
9# Lifetime and size of ephemeral version 1 server key
10KeyRegenerationInterval 3600
11ServerKeyBits 768
12
13# Logging
14SyslogFacility AUTH
15LogLevel INFO
16
17# Authentication:
18LoginGraceTime 120
19PermitRootLogin yes
20StrictModes yes
21
22RSAAuthentication yes
23PubkeyAuthentication yes
24#AuthorizedKeysFile     %h/.ssh/authorized_keys
25
26# Don't read the user's ~/.rhosts and ~/.shosts files
27IgnoreRhosts yes
28# For this to work you will also need host keys in /etc/ssh_known_hosts
29RhostsRSAAuthentication no
30# similar for protocol version 2
31HostbasedAuthentication no
32# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
33#IgnoreUserKnownHosts yes
34
35# To enable empty passwords, change to yes (NOT RECOMMENDED)
36PermitEmptyPasswords no
37
38# Change to yes to enable challenge-response passwords (beware issues with
39# some PAM modules and threads)
40ChallengeResponseAuthentication yes
41
42# Change to no to disable tunnelled clear text passwords
43PasswordAuthentication no
44
45# GSSAPI options
46GSSAPIAuthentication yes
47GSSAPICleanupCredentials yes
48GSSAPIKeyExchange yes
49
50X11Forwarding yes
51X11DisplayOffset 10
52PrintMotd no
53PrintLastLog yes
54TCPKeepAlive yes
55
56# Allow client to pass locale environment variables
57AcceptEnv LANG LC_*
58
59UsePAM yes
Note: See TracBrowser for help on using the repository browser.