srv/ateliers/etc/ssh/sshd_config

   1 # DOC: https://stribika.github.io/2015/01/04/secure-secure-shell.html
   2 AcceptEnv LANG LC_*
   3 AuthorizedKeysFile %h/.ssh/authorized_keys
   4 ChallengeResponseAuthentication no
   5 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
   6 ClientAliveInterval 0
   7 Compression yes
   8 DebianBanner no
   9 GSSAPIAuthentication no
  10 #HostKey /etc/ssh/ssh_host_ed25519_key
  11 HostKey /etc/ssh/ssh_host_rsa_key
  12 HostbasedAuthentication no
  13 IgnoreRhosts yes
  14 IgnoreUserKnownHosts no
  15 KerberosAuthentication no
  16 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
  17 KeyRegenerationInterval 3600
  18 ListenAddress 0.0.0.0:22
  19 LogLevel INFO
  20 LoginGraceTime 120
  21 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
  22 MaxAuthTries 5
  23 PasswordAuthentication no
  24 PermitEmptyPasswords no
  25 PermitRootLogin yes
  26 PrintLastLog yes
  27 PrintMotd no
  28 Protocol 2
  29 PubkeyAuthentication yes
  30 RSAAuthentication yes
  31 RhostsRSAAuthentication no
  32 ServerKeyBits 768
  33 StrictModes yes
  34 SyslogFacility AUTH
  35 TCPKeepAlive yes
  36 UsePAM yes
  37 UsePrivilegeSeparation yes
  38 X11DisplayOffset 10
  39 X11Forwarding no
  40
  41 Subsystem sftp internal-sftp
  42 Match Group sftp
  43         AllowTCPForwarding no
  44         ChrootDirectory %h
  45         ForceCommand internal-sftp
  46         X11Forwarding no
  47
  48 # vim: ft=sshdconfig