2021-10-28 16:38:19 +08:00
|
|
|
From ca0b2bcd17a2c0e1682b8125960ac81e08d0f6dd Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: kircher <kircherlike@outlook.com>
|
|
|
|
|
Date: Wed, 27 Oct 2021 16:51:41 +0800
|
|
|
|
|
Subject: [PATCH] set
|
2020-07-24 15:45:06 +08:00
|
|
|
|
|
|
|
|
---
|
2021-10-28 16:38:19 +08:00
|
|
|
sshd_config | 32 +++++++++++++++++++-------------
|
|
|
|
|
1 file changed, 19 insertions(+), 13 deletions(-)
|
2020-07-24 15:45:06 +08:00
|
|
|
|
2022-05-05 10:44:11 +08:00
|
|
|
Index: b/sshd_config
|
|
|
|
|
===================================================================
|
2020-07-24 15:45:06 +08:00
|
|
|
--- a/sshd_config
|
|
|
|
|
+++ b/sshd_config
|
2022-09-01 15:59:32 +08:00
|
|
|
@@ -23,21 +23,22 @@
|
2020-07-24 15:45:06 +08:00
|
|
|
#ListenAddress 0.0.0.0
|
|
|
|
|
#ListenAddress ::
|
|
|
|
|
|
|
|
|
|
-#HostKey /etc/ssh/ssh_host_rsa_key
|
|
|
|
|
-#HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
|
|
|
-#HostKey /etc/ssh/ssh_host_ed25519_key
|
|
|
|
|
+HostKey /etc/ssh/ssh_host_rsa_key
|
|
|
|
|
+HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
|
|
|
+HostKey /etc/ssh/ssh_host_ed25519_key
|
|
|
|
|
|
|
|
|
|
# Ciphers and keying
|
|
|
|
|
#RekeyLimit default none
|
|
|
|
|
|
|
|
|
|
# Logging
|
|
|
|
|
#SyslogFacility AUTH
|
|
|
|
|
+SyslogFacility AUTHPRIV
|
|
|
|
|
#LogLevel INFO
|
|
|
|
|
|
|
|
|
|
# Authentication:
|
|
|
|
|
|
|
|
|
|
#LoginGraceTime 2m
|
|
|
|
|
-#PermitRootLogin prohibit-password
|
|
|
|
|
+PermitRootLogin yes
|
|
|
|
|
#StrictModes yes
|
|
|
|
|
#MaxAuthTries 6
|
|
|
|
|
#MaxSessions 10
|
2021-10-28 16:38:19 +08:00
|
|
|
@@ -62,11 +63,11 @@ AuthorizedKeysFile .ssh/authorized_keys
|
|
|
|
|
#IgnoreRhosts yes
|
|
|
|
|
|
2020-07-24 15:45:06 +08:00
|
|
|
# To disable tunneled clear text passwords, change to no here!
|
2021-10-28 16:38:19 +08:00
|
|
|
-#PasswordAuthentication yes
|
2020-07-24 15:45:06 +08:00
|
|
|
+PasswordAuthentication yes
|
2021-10-28 16:38:19 +08:00
|
|
|
#PermitEmptyPasswords no
|
2020-07-24 15:45:06 +08:00
|
|
|
|
|
|
|
|
# Change to no to disable s/key passwords
|
2021-10-28 16:38:19 +08:00
|
|
|
-#KbdInteractiveAuthentication yes
|
|
|
|
|
+KbdInteractiveAuthentication no
|
2020-07-24 15:45:06 +08:00
|
|
|
|
|
|
|
|
# Kerberos options
|
|
|
|
|
#KerberosAuthentication no
|
2021-10-28 16:38:19 +08:00
|
|
|
@@ -76,8 +77,8 @@ AuthorizedKeysFile .ssh/authorized_keys
|
2020-07-24 15:45:06 +08:00
|
|
|
#KerberosUseKuserok yes
|
|
|
|
|
|
|
|
|
|
# GSSAPI options
|
|
|
|
|
-#GSSAPIAuthentication no
|
|
|
|
|
-#GSSAPICleanupCredentials yes
|
|
|
|
|
+GSSAPIAuthentication yes
|
|
|
|
|
+GSSAPICleanupCredentials no
|
|
|
|
|
#GSSAPIStrictAcceptorCheck yes
|
|
|
|
|
#GSSAPIKeyExchange no
|
|
|
|
|
#GSSAPIEnablek5users no
|
2021-10-28 16:38:19 +08:00
|
|
|
@@ -93,16 +94,16 @@ AuthorizedKeysFile .ssh/authorized_keys
|
|
|
|
|
# and KbdInteractiveAuthentication to 'no'.
|
2020-07-24 15:45:06 +08:00
|
|
|
# WARNING: 'UsePAM no' is not supported in openEuler and may cause several
|
|
|
|
|
# problems.
|
|
|
|
|
-#UsePAM no
|
|
|
|
|
+UsePAM yes
|
|
|
|
|
|
|
|
|
|
#AllowAgentForwarding yes
|
|
|
|
|
#AllowTcpForwarding yes
|
|
|
|
|
#GatewayPorts no
|
|
|
|
|
-#X11Forwarding no
|
|
|
|
|
+X11Forwarding yes
|
|
|
|
|
#X11DisplayOffset 10
|
|
|
|
|
#X11UseLocalhost yes
|
|
|
|
|
#PermitTTY yes
|
|
|
|
|
-#PrintMotd yes
|
|
|
|
|
+PrintMotd no
|
|
|
|
|
#PrintLastLog yes
|
|
|
|
|
#TCPKeepAlive yes
|
|
|
|
|
#PermitUserEnvironment no
|
2022-05-05 10:44:11 +08:00
|
|
|
@@ -119,6 +120,11 @@ AuthorizedKeysFile .ssh/authorized_keys
|
2020-07-24 15:45:06 +08:00
|
|
|
# no default banner path
|
|
|
|
|
#Banner none
|
|
|
|
|
|
|
|
|
|
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
|
|
|
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
|
|
|
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
|
|
|
|
|
+AcceptEnv XMODIFIERS
|
|
|
|
|
+
|
|
|
|
|
# override default of no subsystems
|
2022-05-05 10:44:11 +08:00
|
|
|
Subsystem sftp /usr/libexec/sftp-server
|
2020-07-24 15:45:06 +08:00
|
|
|
|
