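#------------------------------------------------------------------------------
# /etc/config.d/ssh - configuration for the ssh service on eisfair
#
# Copyright (c) 2007 The Eisfair Team
#
# Creation:    2007-11-20 jv
# Last Update: 2007-11-20 jv
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#------------------------------------------------------------------------------

#------------------------------------------------------------------------------
# SSH - secure shell (general settings)
#------------------------------------------------------------------------------

START_SSH='yes'                 # start ssh 'yes' or 'no'
SSH_PORT='22'                   # ssh port, see also FIREWALL_DENY_PORT_x

#------------------------------------------------------------------------------
# SSH - secure shell (protocol settings)
#------------------------------------------------------------------------------

# Keep SSH_USE_SSH1 at 'no': protocol 1 has known cryptographic weaknesses
# and should only be enabled for a legacy client that cannot speak ssh2.
SSH_USE_SSH1='no'               # use ssh1 protocol - default: no
SSH_USE_SSH2='yes'              # use ssh2 protocol - default: yes
# NOTE(review): presumably written to sshd's ServerKeyBits, which sizes the
# ephemeral server key of the ssh1 protocol only - confirm against the
# script that generates sshd_config.
SSH_SVR_KEYBITS='1536'          # server keybits - default: 1536

#------------------------------------------------------------------------------
# SSH - secure shell (listen address settings)
#------------------------------------------------------------------------------

# With SSH_LISTEN_ADDR_N='0' sshd accepts connections on every local
# address. On a host with more than one network, list only the addresses
# that administration is supposed to come from.
SSH_LISTEN_ADDR_N='0'           # Number of addresses sshd should listen to
                                # 0 - listen on all local addresses
SSH_LISTEN_ADDR_1='1'           # First ip address sshd should listen to:
                                # use the n'th ethernet card configured in
                                # /etc/config.d/base.
                                # E.g. SSH_LISTEN_ADDR_1='2' points to
                                # IP_NET_2_IPADDR in /etc/config.d/base.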
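#------------------------------------------------------------------------------
# SSH - secure shell (allow/deny settings)
#------------------------------------------------------------------------------

# NOTE(review): the *_1 entries below are presumably ignored while the
# matching *_N counter is '0' - confirm against the script that reads this
# file. An allow list is the tighter of the two forms: an account that is
# not listed cannot log in, including accounts created later.
# NOTE(review): if these map to sshd's AllowUsers/DenyUsers/AllowGroups/
# DenyGroups, a matching deny pattern wins over an allow pattern - confirm.

SSH_ALLOW_USER_N='0'            # Number of user name patterns.
                                # Login is allowed only for user names that
                                # match one of the patterns. '*' and '?' can
                                # be used as wildcards in the patterns.
                                # Default: 0 - login is allowed for all users.
SSH_ALLOW_USER_1='root'         # First user name pattern.

SSH_DENY_USER_N='0'             # Number of user name patterns.
                                # Login is disallowed only for user names that
                                # match one of the patterns. '*' and '?' can be
                                # used as wildcards in the patterns.
                                # Default: 0 - login is allowed for all users.
SSH_DENY_USER_1='batch'         # First user name pattern.

SSH_ALLOW_GROUP_N='0'           # Number of group name patterns.
                                # Login is allowed only for users whose
                                # primary group or supplementary group
                                # matches one of the patterns. '*' and '?' can
                                # be used as wildcards in the patterns.
                                # Default: 0 - login is allowed for all groups
SSH_ALLOW_GROUP_1='root'        # First group name pattern.

SSH_DENY_GROUP_N='0'            # Number of group name patterns.
                                # Login is disallowed only for users whose
                                # primary group or supplementary group
                                # matches one of the patterns. '*' and '?' can
                                # be used as wildcards in the patterns.
                                # Default: 0 - login is allowed for all groups
SSH_DENY_GROUP_1='batch'        # First group name pattern.

# NOTE(review): 'yes' together with SSH_PASSWDAUTH='yes' leaves the root
# account open to password guessing from every address sshd listens on.
# Once a key from SSH_PUBLIC_KEY_x has been verified to work,
# 'without-password' is the tighter setting; see the caveat about
# keyboard-interactive authentication in the description below.
SSH_PERMITROOTLOGIN='yes'       # Specifies whether root can login using ssh.
                                # 'yes' User root can login.
                                # 'no' User root can't login.
                                # 'without-password' Password authentication
                                # for user root is disabled. Note that other
                                # authentications (e.g. keyboard-interactive/
                                # PAM) may still allow root to login using a
                                # password.
                                # 'forced-commands-only' root login with
                                # public key authentication will be allowed,
                                # but only if the command option has been
                                # specified.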
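#------------------------------------------------------------------------------
# SSH - secure shell (public key settings for user root)
#------------------------------------------------------------------------------

# Every key added here can log in as root. When a key file path is given,
# keep that file owned by root and not writable by anyone else, because
# its content is copied into /root/.ssh/authorized_keys.
SSH_PUBLIC_KEY_N='0'            # number of public keys or keyfiles to add
                                # to /root/.ssh/authorized_keys
SSH_PUBLIC_KEY_1=''             # public key (identity.pub) generated
                                # by ssh-keygen
                                # If the first character is a slash (/)
                                # the value is interpreted as an absolute
                                # pathname of a file. The content of this
                                # file is added to the file
                                # /root/.ssh/authorized_keys

#------------------------------------------------------------------------------
# SSH - secure shell (additional settings)
#------------------------------------------------------------------------------

SSH_MAX_STARTUPS='10'           # maximum number of concurrent unauthenticated
                                # connections. default: 10
# NOTE(review): with 'no', the code that handles unauthenticated network
# input runs with full root privileges, so a pre-authentication bug in sshd
# has maximum impact. Prefer 'yes' unless this platform is known not to
# support it - the reason for the 'no' default is not visible in this file.
SSH_ENABLE_PRIV_SEPARATION='no' # enable privilege separation: 'yes' or 'no'
SSH_COMPRESSION='yes'           # allow compression: 'yes' or 'no'
# Keep 'yes': sshd then checks ownership and modes of the user's home
# directory and key files before it accepts a login.
SSH_STRICTMODES='yes'           # Use Strictmodes: 'yes' or 'no'
SSH_PASSWDAUTH='yes'            # Allow password authentication 'yes'
                                # or 'no'. If password authentication
                                # is not allowed you have to use key
                                # authentication. Check that key
                                # authentication works fine before you
                                # set SSH_PASSWDAUTH to 'no'.
SSH_USEPAM='no'                 # Enable Pluggable Authentication Module
                                # interface (PAM) 'yes' or 'no'.
# NOTE(review): when SSH_PASSWDAUTH is set to 'no' to enforce keys, review
# this setting as well; challenge response (keyboard-interactive)
# authentication may still accept a password.
SSH_CH_RESPONSEAUTH='yes'       # Allow challenge response authentication
                                # 'yes' or 'no'.
# With an interval of '0' sshd never probes the client, so sessions whose
# peer has silently disappeared are not cleaned up by this mechanism.
SSH_CLIENTALIVEINTERVAL='0'     # Timeout interval in seconds for
                                # client alive message.
                                # Default: 0 - no message
SSH_CLIENTALIVECOUNTMAX='3'     # Number of client alive messages
                                # until disconnection.
                                # Default: 3

#------------------------------------------------------------------------------
# SSH - secure shell (subsystem settings)
#------------------------------------------------------------------------------

SSH_ENABLE_SFTP='yes'           # activate sftp: 'yes' or 'no'

#------------------------------------------------------------------------------
# SSH - secure shell (log level settings)
#------------------------------------------------------------------------------

# NOTE(review): with OpenSSH, VERBOSE typically also records the
# fingerprint of the key used for a login, which helps attribute root
# logins when several keys are installed - confirm for the sshd in use.
SSH_LOGLEVEL='INFO'             # Verbosity level that is used when
                                # logging messages from sshd.
                                # Values QUIET FATAL ERROR INFO VERBOSE
                                # DEBUG DEBUG1 DEBUG2 DEBUG3 are allowed.
                                # Default: INFO
                                # Logging with a DEBUG level violates
                                # the privacy of users and is not
                                # recommended.

#------------------------------------------------------------------------------
# End
#------------------------------------------------------------------------------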