Openssh daemon config: Difference between revisions
From wikinotes
Line 1: | Line 1: | ||
= | = Locations = | ||
<blockquote> | <blockquote> | ||
{| class="wikitable" | |||
|- | |||
| <code>/etc/ssh</code> | |||
|- | |||
|} | |||
</blockquote><!-- Locations --> | |||
= sshd_config = | |||
<blockquote> | |||
== Common Options == | |||
<blockquote> | |||
<source lang="bash"> | <source lang="bash"> | ||
Port 22 | Port 22 | ||
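Review bot: the new Locations table (the `{| class="wikitable"` rows) holds a single cell, `/etc/ssh`, with no description, and it ends with an empty row (`|-` directly before `|}`). Add a second column saying what lives in that directory, or at least drop the empty trailing row.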
Line 15: | Line 25: | ||
</blockquote><!-- common options --> | </blockquote><!-- common options --> | ||
= Restricting Users = | == Restricting Users == | ||
<blockquote> | <blockquote> | ||
<source lang="bash"> | <source lang="bash"> | ||
Line 28: | Line 38: | ||
</source> | </source> | ||
</blockquote><!-- restricting users --> | </blockquote><!-- restricting users --> | ||
</blockquote><!-- sshd_config --> | |||
= host keys = | |||
<blockquote> | |||
Generated on SSH install, it's pubkey sent to client so it can encrypt data for host.<br> | |||
A unique host key should be used for every server install. | |||
</blockquote><!-- host keys --> |
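Review bot: in the new host keys section, "it's pubkey sent to client so it can encrypt data for host" misstates what the host key is for. The client uses the host's public key to verify the server's identity (it is compared against the entry in known_hosts), while session encryption uses keys negotiated separately during key exchange. Suggest wording along the lines of "its public key is sent to the client so the client can verify the host's identity", which also fixes "it's" for "its".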
Revision as of 12:18, 11 June 2022
Locations
/etc/ssh
sshd_config
Common Options
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no

# Only affects HostbasedAuthentication: ignore the user's ~/.ssh/known_hosts
# and trust only the system-wide known hosts file.
IgnoreUserKnownHosts yes
Restricting Users
# /etc/ssh/sshd_config

# members of unix group 'sftpusers'
# are restricted to dir '/var/sftpdata/{username}'
# and are only allowed to run 'internal-sftp' command
Match Group sftpusers
    ChrootDirectory /var/sftpdata/%u
    ForceCommand internal-sftp
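The options above can be checked mechanically. The following is an added example, not part of the wiki page: it parses sshd_config text the way sshd resolves it (the first value seen for a keyword wins, and lines after a `Match` belong to that block) and reports drift from the values shown under Common Options and Restricting Users. The names `parse`, `audit` and both sample configs are constructed for illustration; only the whitespace-separated `Keyword value` form is handled and `Include` files are not followed.

```python
# Added example (not from the wiki page): audit sshd_config text against the
# values shown under "Common Options" and the sftpusers Match block.
EXPECTED = {"permitrootlogin": "no", "passwordauthentication": "no",
            "permitemptypasswords": "no"}

def parse(text):
    """Return (global_opts, match_blocks); sshd keeps the FIRST value per keyword."""
    global_opts, blocks = {}, []
    target = global_opts
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue                          # blank line or comment
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":                    # later lines belong to this block
            blocks.append((value, {}))
            target = blocks[-1][1]
        else:
            target.setdefault(key, value)     # first occurrence wins
    return global_opts, blocks

def audit(text):
    """Return a list of findings; an empty list means the text matches the page."""
    global_opts, blocks = parse(text)
    findings = []
    for key, want in EXPECTED.items():
        got = global_opts.get(key)
        if got is None:
            findings.append(f"{key}: not set explicitly, compiled-in default applies")
        elif got.lower() != want:
            findings.append(f"{key}: global value is '{got}', page uses '{want}'")
    for criteria, opts in blocks:
        for key, want in EXPECTED.items():
            if key in opts and opts[key].lower() != want:
                findings.append(f"Match {criteria}: overrides {key} to '{opts[key]}'")
        if "chrootdirectory" in opts and opts.get("forcecommand") != "internal-sftp":
            findings.append(f"Match {criteria}: chroot without ForceCommand internal-sftp")
    return findings

# Constructed sample inputs (not real server configs).
PAGE_CONFIG = ("PermitRootLogin no\nPasswordAuthentication no\nPermitEmptyPasswords no\n"
               "Match Group sftpusers\n  ChrootDirectory /var/sftpdata/%u\n"
               "  ForceCommand internal-sftp\n")
DRIFTED_CONFIG = ("PermitRootLogin no\nPasswordAuthentication yes\nPasswordAuthentication no\n"
                  "Match Group sftpusers\n  ChrootDirectory /var/sftpdata/%u\n"
                  "Match User backup\n  PermitRootLogin yes\n")

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("drifted", DRIFTED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```

The drifted sample shows why order matters: the later `PasswordAuthentication no` never takes effect because the earlier `yes` was seen first.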
host keys
Generated on SSH install; its public key is sent to the client so it can encrypt data for the host.
A unique host key should be used for every server install.