roles/common: port common settings to Debian 11 sshd_config

Still need to add the encryption settings.
This commit is contained in:
Alan Orth 2021-07-22 14:16:20 +03:00
parent 7c6ab2a652
commit 892033b880
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9

View File

@ -18,28 +18,29 @@ Include /etc/ssh/sshd_config.d/*.conf
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a clear audit track of which key was using to log in.
LogLevel VERBOSE
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
MaxAuthTries 4
#MaxSessions 10
#PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
@ -88,7 +89,7 @@ UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
@ -121,3 +122,6 @@ Subsystem sftp /usr/lib/openssh/sftp-server
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
# only allow shell access by provisioning user
AllowUsers {{ provisioning_user.name }}