sshd_config 1.2 KB

  # sshd configuration for a public-key-only service that forces every session
  # into the in-process SFTP server, chrooted to /data (see the last three
  # directives). Only the lines shown here are described; sshd uses the first
  # value it reads for most keywords, so keep the order when editing.
  1. # sync with https://github.com/fphammerle/docker-gitolite/blob/master/sshd_config
  2. LogLevel INFO
  3. #LogLevel DEBUG
  4. PidFile none
  5. Port 2200
  # NOTE(review): "Protocol" is a deprecated keyword in current OpenSSH (only
  # protocol 2 remains); harmless, but sshd may log a deprecation notice.
  6. Protocol 2
  # Private host keys; sshd refuses a host key file that is group- or
  # world-accessible, so keep these readable only by the account running sshd.
  7. HostKey /etc/ssh/host_keys/rsa
  8. HostKey /etc/ssh/host_keys/ed25519
  9. # https://www.ssh-audit.com/hardening_guides.html#ubuntu_20_04_lts
  # NOTE(review): diffie-hellman-group-exchange-sha256 takes its groups from the
  # moduli file, so its strength depends on that file. The guide linked above
  # pairs this list with pruning short moduli; confirm the image does the same.
  10. KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
  11. Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  # Only encrypt-then-MAC variants are listed.
  12. MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
  # The list omits the SHA-1 based "ssh-rsa" signature type, so the RSA host key
  # is only offered with rsa-sha2-256/512 signatures.
  13. HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
  # NOTE(review): left commented out, so the build's default for UsePAM applies;
  # upstream defaults to "no". Confirm for the packaged sshd.
  14. #UsePAM no
  # Authentication: public keys only, no root login, no password or
  # challenge-response prompts.
  15. PermitRootLogin no
  16. PubkeyAuthentication yes
  17. PasswordAuthentication no
  # NOTE(review): deprecated alias of KbdInteractiveAuthentication in newer
  # OpenSSH releases; still accepted.
  18. ChallengeResponseAuthentication no
  # StrictModes no switches off sshd's ownership/mode checks on the user's home
  # directory and key files before a login is accepted. A group- or
  # world-writable authorized_keys file is then used without complaint, so those
  # permissions have to be enforced elsewhere (image build, volume mount).
  # TODO confirm where that happens.
  19. StrictModes no
  # Forwarding, tunnels, user-supplied environment and ttys are all disabled,
  # leaving the forced SFTP command as the only session type.
  20. AllowAgentForwarding no
  21. AllowTcpForwarding no
  22. GatewayPorts no
  23. PermitTunnel no
  24. X11Forwarding no
  25. PermitUserEnvironment no
  26. PrintMotd no
  27. PermitTTY no
  # sshd requires every component of the chroot path to be root-owned and not
  # writable by group or others, and checks this independently of StrictModes.
  # Uploads therefore need a user-writable subdirectory below /data.
  28. ChrootDirectory /data
  # NOTE(review): the Subsystem line names the external sftp-server binary,
  # while ForceCommand runs the in-process server, which needs no files inside
  # the chroot. "Subsystem sftp internal-sftp" would make the two lines agree;
  # confirm the external helper is never expected to run.
  29. Subsystem sftp /usr/lib/openssh/sftp-server
  # NOTE(review): internal-sftp takes the same options as sftp-server. Without
  # "-l INFO" individual file operations are not logged; add it if transfers
  # must be auditable.
  30. ForceCommand internal-sftp