46 lines
1.2 KiB
Text
46 lines
1.2 KiB
Text
|
{{ ansible_managed | comment }}
|
||
|
|
|
||
|
|
SyslogFacility AUTH
|
||
|
|
LogLevel VERBOSE
|
||
|
|
|
||
|
|
AddressFamily any
|
||
|
|
ListenAddress 0.0.0.0
|
||
|
|
ListenAddress ::
|
||
|
|
|
||
|
|
Port 22
|
||
|
|
|
||
|
|
MaxStartups 10:30:100
|
||
|
|
|
||
|
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
||
|
|
HostKey /etc/ssh/ssh_host_rsa_key
|
||
|
|
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||
|
|
|
||
|
|
# https://infosec.mozilla.org/guidelines/openssh.html
|
||
|
|
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
|
||
|
|
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
||
|
|
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
|
||
|
|
|
||
|
|
AuthenticationMethods publickey
|
||
|
|
|
||
|
|
TrustedUserCAKeys /etc/ssh/users_ca.pub
|
||
|
|
AuthorizedPrincipalsFile /etc/ssh/authorized_principals
|
||
|
|
|
||
|
|
StrictModes yes
|
||
|
|
UsePAM no
|
||
|
|
PermitRootLogin yes
|
||
|
|
PermitUserRC no
|
||
|
|
PermitUserEnvironment no
|
||
|
|
AllowAgentForwarding no
|
||
|
|
AllowTcpForwarding yes
|
||
|
|
X11Forwarding no
|
||
|
|
PermitTTY yes
|
||
|
|
PermitTunnel no
|
||
|
|
VersionAddendum none
|
||
|
|
PrintLastLog yes
|
||
|
|
PrintMotd yes
|
||
|
|
TCPKeepAlive yes
|
||
|
|
UseDNS no
|
||
|
|
AcceptEnv LANG LC_*
|
||
|
|
|
||
|
|
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
|