From 66899298bee037e8dac6fe43e22835a833bd45c2 Mon Sep 17 00:00:00 2001 From: Knut Ahlers Date: Thu, 8 Feb 2018 14:25:47 +0100 Subject: [PATCH] Fix sshd_config Signed-off-by: Knut Ahlers --- sshd_config | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/sshd_config b/sshd_config index 5a821d8..6a038ff 100644 --- a/sshd_config +++ b/sshd_config @@ -9,12 +9,6 @@ HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key -#Privilege Separation is turned on for security -UsePrivilegeSeparation yes - -# Lifetime and size of ephemeral version 1 server key -KeyRegenerationInterval 3600 -ServerKeyBits 1024 # Logging SyslogFacility AUTH @@ -25,14 +19,11 @@ LoginGraceTime 120 PermitRootLogin no StrictModes yes -RSAAuthentication no PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes -# For this to work you will also need host keys in /etc/ssh_known_hosts -RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication @@ -51,7 +42,6 @@ PasswordAuthentication yes X11Forwarding no X11DisplayOffset 10 PrintMotd no -PrintLastLog no TCPKeepAlive yes #UseLogin no @@ -61,15 +51,4 @@ TCPKeepAlive yes # Allow client to pass locale environment variables AcceptEnv LANG LC_* -Subsystem sftp /usr/lib/openssh/sftp-server - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -UsePAM yes +Subsystem sftp /usr/lib/ssh/sftp-server