modules/ssh/files/sshd_config - Issue 29323173: Issue 2815 - Allow for SSH agent forwarding to be enabled via Hiera

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments.

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Side by Side Diff: modules/ssh/files/sshd_config

Issue 29323173: Issue 2815 - Allow for SSH agent forwarding to be enabled via Hiera (Closed)

Patch Set: Created Aug. 3, 2015, 10:10 a.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 # Package generated configuration file

2 # See the sshd_config(5) manpage for details

3

4 # What ports, IPs and protocols we listen for

5 Port 22

6 # Use these options to restrict which interfaces/protocols sshd will bind to

7 #ListenAddress ::

8 #ListenAddress 0.0.0.0

9 Protocol 2

10 # HostKeys for protocol version 2

11 HostKey /etc/ssh/ssh_host_rsa_key

12 HostKey /etc/ssh/ssh_host_dsa_key

13 HostKey /etc/ssh/ssh_host_ecdsa_key

14 #Privilege Separation is turned on for security

15 UsePrivilegeSeparation yes

16

17 # Lifetime and size of ephemeral version 1 server key

18 KeyRegenerationInterval 3600

19 ServerKeyBits 768

20

21 # Logging

22 SyslogFacility AUTH

23 LogLevel INFO

24

25 # Authentication:

26 LoginGraceTime 120

27 PermitRootLogin no

28 StrictModes yes

29

30 RSAAuthentication yes

31 PubkeyAuthentication yes

32 #AuthorizedKeysFile %h/.ssh/authorized_keys

33

34 # Don't read the user's ~/.rhosts and ~/.shosts files

35 IgnoreRhosts yes

36 # For this to work you will also need host keys in /etc/ssh_known_hosts

37 RhostsRSAAuthentication no

38 # similar for protocol version 2

39 HostbasedAuthentication no

40 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication

41 #IgnoreUserKnownHosts yes

42

43 # To enable empty passwords, change to yes (NOT RECOMMENDED)

44 PermitEmptyPasswords no

45

46 # Change to yes to enable challenge-response passwords (beware issues with

47 # some PAM modules and threads)

48 ChallengeResponseAuthentication no

49

50 # Change to no to disable tunnelled clear text passwords

51 PasswordAuthentication no

52

53 # Kerberos options

54 #KerberosAuthentication no

55 #KerberosGetAFSToken no

56 #KerberosOrLocalPasswd yes

57 #KerberosTicketCleanup yes

58

59 # GSSAPI options

60 #GSSAPIAuthentication no

61 #GSSAPICleanupCredentials yes

62

63 AllowAgentForwarding no

64 AllowTcpForwarding no

65 X11Forwarding no

66 X11DisplayOffset 10

67 PrintMotd no

68 PrintLastLog yes

69 TCPKeepAlive yes

70 PermitUserEnvironment yes

71 #UseLogin no

72

73 #MaxStartups 10:30:60

74 #Banner /etc/issue.net

75

76 # Allow client to pass locale environment variables

77 AcceptEnv LANG LC_*

78

79 Subsystem sftp /usr/lib/openssh/sftp-server

80

81 # Set this to 'yes' to enable PAM authentication, account processing,

82 # and session processing. If this is enabled, PAM authentication will

83 # be allowed through the ChallengeResponseAuthentication and

84 # PasswordAuthentication. Depending on your PAM configuration,

85 # PAM authentication via ChallengeResponseAuthentication may bypass

86 # the setting of "PermitRootLogin without-password".

87 # If you just want the PAM account and session checks to run without

88 # PAM authentication, then enable this but set PasswordAuthentication

89 # and ChallengeResponseAuthentication to 'no'.

90 UsePAM yes

91

OLD	NEW

« no previous file with comments | « no previous file | modules/ssh/manifests/init.pp » ('j') | no next file with comments »