srv/ateliers/etc/ssh/sshd_config

   1 # DOC: https://stribika.github.io/2015/01/04/secure-secure-shell.html
   2 AcceptEnv LANG LC_*
   3 AuthorizedKeysFile %h/.ssh/authorized_keys
   4 ChallengeResponseAuthentication no
   5 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
   6 ClientAliveInterval 0
   7 Compression yes
   8 DebianBanner no
   9 GSSAPIAuthentication no
  10 #HostKey /etc/ssh/ssh_host_ed25519_key
  11 HostKey /etc/ssh/ssh_host_rsa_key
  12 HostbasedAuthentication no
  13 IgnoreRhosts yes
  14 IgnoreUserKnownHosts no
  15 KerberosAuthentication no
  16 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
  17 KeyRegenerationInterval 3600
  18 ListenAddress 0.0.0.0:22
  19 LogLevel INFO
  20 LoginGraceTime 120
  21 #Note: hmac-sha1 est pas trop recommandable. Le virer dès que Ouindo$ le permet
  22 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha1
  23 MaxAuthTries 5
  24 PasswordAuthentication no
  25 PermitEmptyPasswords no
  26 PermitRootLogin yes
  27 PrintLastLog yes
  28 PrintMotd no
  29 Protocol 2
  30 PubkeyAuthentication yes
  31 RSAAuthentication yes
  32 RhostsRSAAuthentication no
  33 ServerKeyBits 768
  34 StrictModes yes
  35 SyslogFacility AUTH
  36 TCPKeepAlive yes
  37 UsePAM yes
  38 UsePrivilegeSeparation yes
  39 X11DisplayOffset 10
  40 X11Forwarding no
  41
  42 Subsystem sftp internal-sftp
  43 Match Group sftp
  44         AllowTCPForwarding no
  45         ChrootDirectory %h
  46         ForceCommand internal-sftp
  47         X11Forwarding no
  48
  49 # vim: ft=sshdconfig