You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

46 lines
1.6 KiB

  1. # Use a custom port in the following range : 1024-65536
  2. Port 22
  3. #Prefer ed25519 & ECDSA keys rather than 2048 bit RSA
  4. HostKey /etc/ssh/ssh_host_rsa_key
  5. HostKey /etc/ssh/ssh_host_ecdsa_key
  6. HostKey /etc/ssh/ssh_host_ed25519_key
  7. # Allow root access with ssh keys
  8. PermitRootLogin without-password
  9. # Allow ssh access to some users only
  10. AllowUsers root ubuntu
  11. # allow ssh key Authentication
  12. PubkeyAuthentication yes
  13. # ssh keys path in ~/.ssh/authorized_keys
  14. AuthorizedKeysFile %h/.ssh/authorized_keys
  15. # No password or empty passwords Authentication
  16. PasswordAuthentication no
  17. PermitEmptyPasswords no
  18. # No challenge response Authentication
  19. ChallengeResponseAuthentication no
  20. UsePAM yes
  21. X11Forwarding yes
  22. #PrintMotd no
  23. # Allow client to pass locale environment variables
  24. AcceptEnv LANG LC_*
  25. # override default of no subsystems
  26. Subsystem sftp /usr/lib/openssh/sftp-server
  27. # Host keys the client accepts - order here is honored by OpenSSH
  28. HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
  29. # use strong ciphers
  30. KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
  31. Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  32. MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com