55 lines
1014 B
Django/Jinja
55 lines
1014 B
Django/Jinja
# /etc/ssh/sshd_config
|
|
# {{ ansible_managed }}
|
|
# See the sshd_config(5) manpage for details
|
|
|
|
Port 22
|
|
ListenAddress 0.0.0.0
|
|
Protocol 2
|
|
HostKey /etc/ssh/ssh_host_rsa_key
|
|
HostKey /etc/ssh/ssh_host_dsa_key
|
|
HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
|
UsePrivilegeSeparation yes
|
|
KeyRegenerationInterval 3600
|
|
ServerKeyBits 1024
|
|
SyslogFacility AUTH
|
|
LogLevel QUIET
|
|
LoginGraceTime 120
|
|
StrictModes yes
|
|
RSAAuthentication yes
|
|
IgnoreRhosts yes
|
|
RhostsRSAAuthentication no
|
|
HostbasedAuthentication no
|
|
|
|
Subsystem sftp /usr/lib/openssh/sftp-server
|
|
|
|
PermitTunnel no
|
|
X11Forwarding yes
|
|
AllowTcpForwarding no
|
|
|
|
PrintMotd no
|
|
PrintLastLog no
|
|
TCPKeepAlive yes
|
|
|
|
AcceptEnv LANG LC_*
|
|
|
|
PermitRootLogin no
|
|
LoginGraceTime 30
|
|
PasswordAuthentication no
|
|
PermitEmptyPasswords no
|
|
PubkeyAuthentication no
|
|
MaxAuthTries 0
|
|
MaxSessions 1
|
|
MaxStartups 1:1:1
|
|
|
|
UsePAM yes
|
|
ChallengeResponseAuthentication yes
|
|
|
|
Match Group ssh
|
|
MaxAuthTries 1
|
|
PasswordAuthentication yes
|
|
|
|
Match User ansible
|
|
MaxAuthTries 1
|
|
PubkeyAuthentication yes
|