f1ccb14467
Il fallait mettre la version svn et modifier bcfg2 pour avoir les trucs bien mais maintenant on peut faire mieux avec le plugin Python donc ça sert à rien de s'embeter. darcs-hash:20080410185335-c41ad-37542a59af3f3506d5b7b4f11164742deae6d83b.gz
80 lines
1.9 KiB
Text
80 lines
1.9 KiB
Text
# -*- coding: utf-8; mode: python -*-
|
|
|
|
include("mode/space")
|
|
|
|
header("Configuration du serveur ssh")
|
|
|
|
@# What ports, IPs and protocols we listen for
|
|
@Port 22
|
|
@# Use these options to restrict which interfaces/protocols sshd will bind to
|
|
@#ListenAddress ::
|
|
@#ListenAddress 0.0.0.0
|
|
@Protocol 2
|
|
@# HostKeys for protocol version 2
|
|
@HostKey /etc/ssh/ssh_host_rsa_key
|
|
@HostKey /etc/ssh/ssh_host_dsa_key
|
|
@#Privilege Separation is turned on for security
|
|
@UsePrivilegeSeparation yes
|
|
|
|
@# Lifetime and size of ephemeral version 1 server key
|
|
@KeyRegenerationInterval 3600
|
|
@ServerKeyBits 768
|
|
|
|
@# Logging
|
|
@SyslogFacility AUTH
|
|
@LogLevel INFO
|
|
|
|
@# Authentication:
|
|
@LoginGraceTime 120
|
|
@PermitRootLogin yes
|
|
@StrictModes yes
|
|
|
|
@RSAAuthentication yes
|
|
@PubkeyAuthentication yes
|
|
@#AuthorizedKeysFile %h/.ssh/authorized_keys
|
|
|
|
@# Don't read the user's ~/.rhosts and ~/.shosts files
|
|
@IgnoreRhosts yes
|
|
@# For this to work you will also need host keys in /etc/ssh_known_hosts
|
|
@RhostsRSAAuthentication no
|
|
@# similar for protocol version 2
|
|
@HostbasedAuthentication no
|
|
@# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
|
|
@#IgnoreUserKnownHosts yes
|
|
|
|
@# To enable empty passwords, change to yes (NOT RECOMMENDED)
|
|
@PermitEmptyPasswords no
|
|
|
|
@# Change to yes to enable challenge-response passwords (beware issues with
|
|
@# some PAM modules and threads)
|
|
@ChallengeResponseAuthentication yes
|
|
|
|
@# Change to no to disable tunnelled clear text passwords
|
|
@PasswordAuthentication no
|
|
|
|
@# Kerberos options
|
|
@#KerberosAuthentication no
|
|
@#KerberosGetAFSToken no
|
|
@#KerberosOrLocalPasswd yes
|
|
@#KerberosTicketCleanup yes
|
|
|
|
@# GSSAPI options
|
|
@#GSSAPIAuthentication no
|
|
@#GSSAPICleanupCredentials yes
|
|
|
|
%X11Forwarding yesno(has("users"))
|
|
@X11DisplayOffset 10
|
|
@PrintMotd yes
|
|
@PrintLastLog yes
|
|
@TCPKeepAlive yes
|
|
@#UseLogin no
|
|
|
|
@#MaxStartups 10:30:60
|
|
@#Banner /etc/issue.net
|
|
|
|
@# Allow client to pass locale environment variables
|
|
@AcceptEnv LANG LC_*
|
|
|
|
@Subsystem sftp /usr/lib/openssh/sftp-server
|
|
|
|
@UsePAM yes
|