install/cluster/master/etc/ssh/sshd_config

   1 # Package generated configuration file
   2 # See the sshd_config(5) manpage for details
   3
   4 # What ports, IPs and protocols we listen for
   5 Port 22
   6 # Use these options to restrict which interfaces/protocols sshd will bind to
   7 #ListenAddress ::
   8 #ListenAddress 0.0.0.0
   9 Protocol 2
  10 # HostKeys for protocol version 2
  11 HostKey /etc/ssh/ssh_host_rsa_key
  12 HostKey /etc/ssh/ssh_host_dsa_key
  13 HostKey /etc/ssh/ssh_host_ecdsa_key
  14 #Privilege Separation is turned on for security
  15 UsePrivilegeSeparation yes
  16
  17 # Lifetime and size of ephemeral version 1 server key
  18 KeyRegenerationInterval 3600
  19 ServerKeyBits 768
  20
  21 # Logging
  22 SyslogFacility AUTH
  23 LogLevel INFO
  24
  25 # Authentication:
  26 LoginGraceTime 120
  27 PermitRootLogin yes
  28 StrictModes yes
  29
  30 RSAAuthentication yes
  31 PubkeyAuthentication yes
  32 #AuthorizedKeysFile     %h/.ssh/authorized_keys
  33
  34 # Don't read the user's ~/.rhosts and ~/.shosts files
  35 IgnoreRhosts yes
  36 # For this to work you will also need host keys in /etc/ssh_known_hosts
  37 RhostsRSAAuthentication no
  38 # similar for protocol version 2
  39 HostbasedAuthentication no
  40 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  41 #IgnoreUserKnownHosts yes
  42
  43 # To enable empty passwords, change to yes (NOT RECOMMENDED)
  44 PermitEmptyPasswords no
  45
  46 # Change to yes to enable challenge-response passwords (beware issues with
  47 # some PAM modules and threads)
  48 ChallengeResponseAuthentication no
  49
  50 # Change to no to disable tunnelled clear text passwords
  51 #PasswordAuthentication yes
  52
  53 # Kerberos options
  54 #KerberosAuthentication no
  55 #KerberosGetAFSToken no
  56 #KerberosOrLocalPasswd yes
  57 #KerberosTicketCleanup yes
  58
  59 # GSSAPI options
  60 #GSSAPIAuthentication no
  61 #GSSAPICleanupCredentials yes
  62
  63 X11Forwarding no
  64 X11DisplayOffset 10
  65 PrintMotd no
  66 PrintLastLog yes
  67 TCPKeepAlive yes
  68 #UseLogin no
  69
  70 #MaxStartups 10:30:60
  71 #Banner /etc/issue.net
  72
  73 # Allow client to pass locale environment variables
  74 AcceptEnv LANG LC_*
  75
  76 Subsystem sftp /usr/lib/openssh/sftp-server
  77
  78 # Set this to 'yes' to enable PAM authentication, account processing,
  79 # and session processing. If this is enabled, PAM authentication will
  80 # be allowed through the ChallengeResponseAuthentication and
  81 # PasswordAuthentication.  Depending on your PAM configuration,
  82 # PAM authentication via ChallengeResponseAuthentication may bypass
  83 # the setting of "PermitRootLogin without-password".
  84 # If you just want the PAM account and session checks to run without
  85 # PAM authentication, then enable this but set PasswordAuthentication
  86 # and ChallengeResponseAuthentication to 'no'.
  87 UsePAM no