2014-11-15 14:00:19 +00:00
|
|
|
Port 22
|
|
|
|
|
2014-12-13 18:52:56 +00:00
|
|
|
{% if ssh_ldap %}
|
|
|
|
AuthorizedKeysCommand /usr/lib/openssh-ldap-helper/openssh-ldap-helper
|
|
|
|
AuthorizedKeysCommandUser root
|
|
|
|
{% else %}
|
2015-01-08 10:47:18 +00:00
|
|
|
AuthorizedKeysFile .ssh/authorized_keys
|
2014-12-13 18:52:56 +00:00
|
|
|
{% endif %}
|
2014-11-15 14:00:19 +00:00
|
|
|
|
2015-01-08 10:47:18 +00:00
|
|
|
PermitRootLogin no
|
2014-11-15 14:00:19 +00:00
|
|
|
PasswordAuthentication no
|
|
|
|
ChallengeResponseAuthentication no
|
|
|
|
|
|
|
|
UsePAM yes
|
|
|
|
|
|
|
|
PrintMotd no
|
|
|
|
UsePrivilegeSeparation sandbox
|
2015-01-08 10:47:18 +00:00
|
|
|
Subsystem sftp usr/lib/ssh/sftp-server
|
|
|
|
|
|
|
|
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
|
|
|
|
Ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
|
|
|
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
|