OpenSSH daemon config

From wikinotes
Revision as of 12:18, 11 June 2022 by Will

Locations

/etc/ssh

sshd_config

Common Options

Port 22

PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no

# during HostbasedAuthentication, ignore the user's ~/.ssh/known_hosts
#  and use only the system-wide /etc/ssh/ssh_known_hosts.
IgnoreUserKnownHosts yes

Restricting Users

# /etc/ssh/sshd_config

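# members of unix group 'sftpusers'
# are restricted to dir '/var/sftpdata/{username}'
# and are only allowed to run 'internal-sftp' command.
# sshd requires every component of the ChrootDirectory path to be
# root-owned and not writable by any other user or group.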
Match Group sftpusers
    ChrootDirectory /var/sftpdata/%u
    ForceCommand internal-sftp
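
The options above only protect the host if they are the values sshd actually uses: sshd keeps the first value it reads for a keyword, and a Match block can override the global section. The following is an added example, not part of the original notes, that audits config text against the baseline shown under Common Options. The names BASELINE, DEFAULTS, parse, audit and DRIFTED are hypothetical, and the defaults are those of upstream OpenSSH.

```python
# Added example, not the page's code: audit sshd_config text against its baseline.
BASELINE = {"permitrootlogin": "no", "passwordauthentication": "no",
            "permitemptypasswords": "no"}
# Upstream OpenSSH defaults for absent keywords (distro builds may differ).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "permitemptypasswords": "no"}
def parse(text):
    """Return (global settings, [(Match criteria, settings), ...])."""
    global_cfg, blocks = {}, []
    current = global_cfg
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":  # later keywords apply only when the criteria match
            current = {}
            blocks.append((value, current))
        else:
            current.setdefault(key, value)  # sshd ignores later duplicates
    return global_cfg, blocks

def audit(text):
    """List deviations from BASELINE, globally and inside each Match block."""
    global_cfg, blocks = parse(text)
    findings = []
    for key, want in BASELINE.items():
        got = global_cfg.get(key, DEFAULTS[key])
        if got.lower() != want:
            findings.append(f"global: {key} is '{got}', baseline is '{want}'")
    for criteria, cfg in blocks:
        for key, want in BASELINE.items():
            if key in cfg and cfg[key].lower() != want:
                findings.append(f"Match {criteria}: {key} overridden to '{cfg[key]}'")
        if "chrootdirectory" in cfg and not cfg.get("forcecommand", "").startswith("internal-sftp"):
            findings.append(f"Match {criteria}: ChrootDirectory without ForceCommand internal-sftp")
    return findings

# Constructed sample: hardened line appended after an older one; the first ('yes') wins.
DRIFTED = """\
PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords no
Match Group sftpusers
    ChrootDirectory /var/sftpdata/%u
    PasswordAuthentication yes
"""

if __name__ == "__main__": print("\n".join(audit(DRIFTED)))
```

The parser does not follow Include directives or the keyword=value form; on a live host, `sshd -T` prints the configuration sshd actually resolved.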

Host Keys

Generated when SSH is installed; its public key is sent to the client so that the client can encrypt data for the host.
A unique host key should be used for every server install.