Multiple HostKeys can now be defined as a list, instead of allowing only one custom HostKey entry
---
# Default variables for an OpenSSH server (sshd) role.
# 'yes'/'no' values are quoted so YAML keeps them as strings instead of
# converting them to booleans. Presumably they are rendered verbatim into
# sshd_config by the role's template (template not shown here).

# Directory holding the sshd configuration.
openssh_sshd_config_path: /etc/ssh

# Network exposure.
openssh_port: 22
openssh_address_family: any
# 0.0.0.0 binds every IPv4 interface; no IPv6 address is listed although the
# address family is `any`. Override with the management address on hosts
# that have a dedicated one.
openssh_listen_addresses:
  - 0.0.0.0

# Host private keys, one list entry per key file.
# sshd refuses to use a host key file that is group- or world-accessible.
openssh_hostkeys:
  - /etc/ssh/ssh_host_ed25519_key
  - /etc/ssh/ssh_host_ecdsa_key
  - /etc/ssh/ssh_host_rsa_key

# Login restrictions.
# Presumably maps to AllowGroups: only members of this group can log in, so
# the group must exist and contain an admin account before the role is
# applied, otherwise remote access is lost.
openssh_allow_groups: ssh
# Bare number; sshd reads LoginGraceTime without a unit as seconds.
openssh_login_grace_time: 20
openssh_permit_root_login: 'no'
openssh_strict_modes: 'yes'
openssh_max_auth_tries: 3
openssh_max_sessions: 2

openssh_pubkey_authentication: 'yes'

# A relative path is resolved against the home of the user logging in.
openssh_authorized_keys_file: .ssh/authorized_keys

# NOTE(review): the three algorithm lists below follow a fixed profile.
# Re-check them against current guidance and the OpenSSH versions actually
# deployed whenever the role is updated.
openssh_kexalgorithms:
  # Compliant with Mozilla Modern
  - curve25519-sha256@libssh.org
  - ecdh-sha2-nistp521
  - ecdh-sha2-nistp384
  - ecdh-sha2-nistp256
  # Group exchange: strength depends on the group sizes in the moduli file
  # sshd uses, so short moduli should be pruned there.
  - diffie-hellman-group-exchange-sha256

openssh_ciphers:
  # Compliant with Mozilla Modern
  - chacha20-poly1305@openssh.com
  - aes256-gcm@openssh.com
  - aes128-gcm@openssh.com
  # Non-AEAD fallbacks, listed last.
  - aes256-ctr
  - aes192-ctr
  - aes128-ctr

openssh_macs:
  # Compliant with Mozilla Modern
  - hmac-sha2-512-etm@openssh.com
  - hmac-sha2-256-etm@openssh.com
  - umac-128-etm@openssh.com
  # Encrypt-and-MAC fallbacks (no -etm), listed last.
  - hmac-sha2-512
  - hmac-sha2-256
  - umac-128@openssh.com

# Authentication methods other than public key are switched off.
openssh_hostbased_authentication: 'no'
openssh_password_authentication: 'no'
openssh_permit_empty_passwords: 'no'
# Newer OpenSSH releases name this option KbdInteractiveAuthentication and
# keep the old name as an alias.
openssh_challenge_response_authentication: 'no'
openssh_kerberos_authentication: 'no'
openssh_gssapi_authentication: 'no'
# With password authentication off, PAM still runs its account and session
# modules.
openssh_use_pam: 'yes'

# Forwarding features are disabled.
# NOTE(review): no variable in this file covers TCP port forwarding; check
# whether the template sets AllowTcpForwarding.
openssh_allow_agent_forwarding: 'no'
openssh_permit_tunnel: 'no'

openssh_x11_forwarding: 'no'

openssh_print_motd: 'no'

# NOTE(review): a YAML boolean, unlike the quoted 'yes'/'no' strings above.
# Confirm the template emits `no` for it rather than a Python-style `False`.
openssh_permit_user_env: false
# Only locale variables are accepted from the client.
openssh_accept_env:
  - LANG
  - 'LC_*'

# Presumably a toggle for the Banner directive; the file below is shown to
# clients before authentication, so it should not disclose host details.
openssh_banner: true
openssh_banner_file: /etc/issue.net

# VERBOSE logs the fingerprint of the key used for each login, which gives
# an audit trail per key.
openssh_loglevel: "VERBOSE"