/etc/ssh/sshd_config, la opción fácil.

By 6 de agosto de 2006 BSD, Linux No Comments

bsd_topic_mirror.pngPues va a parecer una tontería, pero sólo copiando el archivo /etc/ssh/sshd_config de una SuSE Linux 8.2 pude configurar de forma rápida (es decir sin mirar exhaustivamente, opción por opción), el acceso a la máquina FreeBSD a la que se pretendía entrar.
Muchas de las opciones son claras en su definición, mientras que otras deben estudiarse un poco. En cualquier caso pongo aquí el contenido por si alguien no tiene un fichero de configuración a cerca para comparar.

Comentarios?

# $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20040419

#Port 22
#Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes

#RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication (via challenge-response)
# and session processing.
#UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation no
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path
# En esta sección se referencia a un archivo en el cual pondremos nuestro mensaje de bienvenida para el usuario que se logea

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

Leave a Reply

Your email address will not be published.