ssh-authentication with puppet

===================================================================
[root@server ~]# puppet module search ssh
Notice: Searching https://forgeapi.puppetlabs.com
NAME DESCRIPTION AUTHOR KEYWORDS
ghoneycutt-ssh Manages SSH @ghoneycutt ssh sshd openssh sshkey

===================================================================

[root@server ~]# puppet module install ghoneycutt-ssh
Notice: Preparing to install into /etc/puppet/modules …
Notice: Downloading from https://forgeapi.puppetlabs.com
Notice: Installing — do not interrupt …
/etc/puppet/modules
└─┬ ghoneycutt-ssh (v3.49.0)
├── ghoneycutt-common (v1.6.0)
├── puppetlabs-firewall (v1.8.1)
└── puppetlabs-stdlib (v4.13.1)

===================================================================
[root@server ~]# vim /etc/puppet/manifests/site.pp
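# site.pp - main manifest, edited on the master in the step above.
# Typographic quotes from the blog rendering are replaced with plain ASCII
# quotes; Puppet does not accept the curly forms as string delimiters.

# Include every class listed under the 'classes' key in Hiera.
hiera_include('classes')

# NOTE(review): a class named 'role' has to exist on the modulepath for this
# include to compile; it is not shown on this page.
node default {
  include role
}

# The case statements below pick classes from the $role fact.
# NOTE(review): $role is an external fact read from
# /etc/facter/facts.d/role.txt on the agent, so the node itself reports which
# role it has. Facts are agent-supplied data; for anything security-relevant,
# prefer assigning roles on the master (node definitions, an ENC, or Hiera
# keyed on the certname) rather than trusting a value the node can change.

#### role: user creation ####
case $role {
  'users': {
    include users
  }
}

#### role: ftp server ####
case $role {
  'ftpserver': {
    include vsftpd
  }
}

#### role: nfs server ####
case $role {
  'nfsserver': {
    include nfs
  }
}

#### role: samba server ####
case $role {
  'sambaserver': {
    include samba::dc
  }
}

#### role: ssh ####
case $role {
  'sshauth': {
    include ssh
  }
}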
===================================================================

[root@server ~]# vim /etc/facter/facts.d/role.txt
role=sshauth

===================================================================

[root@server ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for server.puppet.com
Info: Applying configuration version ‘1478817562’
Notice: /Stage[main]/Ssh/File[ssh_config]/content:
— /etc/ssh/ssh_config 2015-11-20 07:01:34.000000000 -0500
+++ /tmp/puppet-file20161110-4351-1m3dcy 2016-11-10 17:40:42.019547793 -0500
@@ -1,4 +1,7 @@
-# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+
+# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
@@ -22,45 +25,37 @@
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
-# PasswordAuthentication yes
+ PasswordAuthentication yes
+ PubkeyAuthentication yes
# HostbasedAuthentication no
-# GSSAPIAuthentication no
-# GSSAPIDelegateCredentials no
-# GSSAPIKeyExchange no
-# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
-# IdentityFile ~/.ssh/id_rsa
-# IdentityFile ~/.ssh/id_dsa
+ IdentityFile ~/.ssh/id_rsa
+ IdentityFile ~/.ssh/id_dsa
# Port 22
-# Protocol 2,1
+ Protocol 2
# Cipher 3des
-# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
-# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
-# VisualHostKey no
-# ProxyCommand ssh -q -W %h:%p gateway.example.com
-# RekeyLimit 1G 1h
-#
-# Uncomment this if you want to use .local domain
-# Host *.local
-# CheckHostIP no

+# HashKnownHosts no
+ HashKnownHosts no
+ GlobalKnownHostsFile /etc/ssh/ssh_known_hosts
Host *
– GSSAPIAuthentication yes
+# GSSAPIAuthentication yes
+ GSSAPIAuthentication yes
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
– ForwardX11Trusted yes
+ ForwardX11Trusted yes
+ UseRoaming no
# Send locale-related environment variables
– SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
– SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
– SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
– SendEnv XMODIFIERS
+ SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+ SendEnv LC_IDENTIFICATION LC_ALL
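Review bot: The two uncommented `IdentityFile` lines name only `~/.ssh/id_rsa` and `~/.ssh/id_dsa`, and once any IdentityFile is configured the client no longer tries its built-in default key files, so a user whose only key is `~/.ssh/id_ecdsa` or `~/.ssh/id_ed25519` would have to load it into an agent or pass it with `-i`. DSA is also a poor key type to list explicitly, since OpenSSH 7.0 and later disable it by default. I would either leave both lines commented so the client defaults apply, or list the modern key first, for example `IdentityFile ~/.ssh/id_ed25519` followed by `IdentityFile ~/.ssh/id_rsa`. These lines sit above `Host *`, so they apply to every destination.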

Info: Computing checksum on file /etc/ssh/ssh_config
Info: /Stage[main]/Ssh/File[ssh_config]: Filebucketed /etc/ssh/ssh_config to puppet with sum 8bd2ab7fa2f80c1af4c1ff05f85f0035
Notice: /Stage[main]/Ssh/File[ssh_config]/content: content changed ‘{md5}8bd2ab7fa2f80c1af4c1ff05f85f0035’ to ‘{md5}08cc71e013e8ba01c7d1f03d212f1ee5’
Notice: /Stage[main]/Ssh/File[ssh_known_hosts]/ensure: created
Notice: /Stage[main]/Ssh/File[sshd_config]/content:
— /etc/ssh/sshd_config 2015-11-20 07:01:34.000000000 -0500
+++ /tmp/puppet-file20161110-4351-jab9o9 2016-11-10 17:40:43.213547758 -0500
@@ -1,153 +1,143 @@
-# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+
+# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

-# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
+# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
+# possible, but leave them commented. Uncommented options change a
# default value.

-# If you want to change the port on a SELinux system, you have to tell
-# SELinux about this change.
-# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
-#
#Port 22
+Port 22
+#Protocol 2,1
+Protocol 2
#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::

-# The default requires explicit activation of protocol 1
-#Protocol 2
+AddressFamily any

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

-# Ciphers and keying
-#RekeyLimit default none

+ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
-SyslogFacility AUTHPRIV
+SyslogFacility AUTH
#LogLevel INFO
+LogLevel INFO

# Authentication:

-#LoginGraceTime 2m
+#LoginGraceTime 120
+LoginGraceTime 120
#PermitRootLogin yes
+PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
-#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

-# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys

-#AuthorizedPrincipalsFile none

-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
+PubkeyAuthentication yes
+#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
+HostbasedAuthentication no
# Change to yes if you don’t trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
+IgnoreUserKnownHosts no
# Don’t read the user’s ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
+IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
-#PermitEmptyPasswords no
PasswordAuthentication yes
+#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
-ChallengeResponseAuthentication no
+ChallengeResponseAuthentication yes

# Kerberos options
-#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
-#KerberosUseKuserok yes

# GSSAPI options
+#GSSAPIAuthentication no
GSSAPIAuthentication yes
-GSSAPICleanupCredentials no
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-#GSSAPIEnablek5users no
+#GSSAPICleanupCredentials yes
+GSSAPICleanupCredentials yes

# Set this to ‘yes’ to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of “PermitRootLogin without-password”.
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to ‘no’.
-# WARNING: ‘UsePAM no’ is not supported in Red Hat Enterprise Linux and may cause several
-# problems.
+# be allowed through the ChallengeResponseAuthentication mechanism.
+# Depending on your PAM configuration, this may bypass the setting of
+# PasswordAuthentication, PermitEmptyPasswords, and
+# “PermitRootLogin without-password”. If you just want the PAM account and
+# session checks to run without PAM authentication, then enable this but set
+# ChallengeResponseAuthentication=no
+#UsePAM no
UsePAM yes

-#AllowAgentForwarding yes
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
+AllowTcpForwarding yes
#GatewayPorts no
+#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
-#PermitTTY yes
+X11UseLocalhost yes
#PrintMotd yes
+PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
+TCPKeepAlive yes
#UseLogin no
-UsePrivilegeSeparation sandbox # Default for new installations.
+#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
-#ClientAliveCountMax 3
+ClientAliveInterval 0
+ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
+UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
+#MaxSessions 10
+
#PermitTunnel no
+PermitTunnel no
#ChrootDirectory none
-#VersionAddendum none

# no default banner path
#Banner none
+Banner none

-# Accept locale-related environment variables
-AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
-AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
-AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
-AcceptEnv XMODIFIERS
+#XAuthLocation /usr/bin/xauth
+XAuthLocation /usr/bin/xauth

# override default of no subsystems
-Subsystem sftp /usr/libexec/openssh/sftp-server
+Subsystem sftp /usr/libexec/openssh/sftp-server

-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
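Review bot: This rendering removes `HostKey /etc/ssh/ssh_host_ecdsa_key` and `HostKey /etc/ssh/ssh_host_ed25519_key` and leaves RSA as the only host key, which is the likely cause of the REMOTE HOST IDENTIFICATION HAS CHANGED warning further down the transcript. Before the old known_hosts entry is removed, the fingerprint the client shows should be compared with the output of `ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub` taken on the server itself. The same hunk writes `PermitRootLogin yes` next to `PasswordAuthentication yes`, flips `ChallengeResponseAuthentication` from `no` to `yes`, replaces `UsePrivilegeSeparation sandbox` with the compiled-in default, and moves `SyslogFacility` from `AUTHPRIV` to `AUTH` (which may take sshd messages out of the root-only auth log, depending on the syslog rules), so several settings end up looser than in the distribution file being replaced. Before applying the class to a real host I would override these through Hiera, the way `ssh::sshd_pubkeyauthentication` is overridden later on the page, so that the rendered file contains `PermitRootLogin no`, `PasswordAuthentication no` and `ChallengeResponseAuthentication no` and keeps the ECDSA and Ed25519 `HostKey` lines.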

Info: Computing checksum on file /etc/ssh/sshd_config
Info: /Stage[main]/Ssh/File[sshd_config]: Filebucketed /etc/ssh/sshd_config to puppet with sum 0440a9608de01c4fa1c1dd6301b568ec
Notice: /Stage[main]/Ssh/File[sshd_config]/content: content changed ‘{md5}0440a9608de01c4fa1c1dd6301b568ec’ to ‘{md5}969b46c8fab7a5f007418e872bfc365d’
Info: /Stage[main]/Ssh/File[sshd_config]: Scheduling refresh of Service[sshd_service]
Notice: /Stage[main]/Ssh/Service[sshd_service]: Triggered ‘refresh’ from 1 events
Notice: Finished catalog run in 2.61 seconds
[root@server ~]#
==========================================================================
[root@server ~]# logout
Connection to 192.168.43.133 closed.
mohammedrafi@NOC-RAFI:~$ ssh root@192.168.43.133
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
b7:bb:29:c7:fd:18:6c:8d:2d:60:2c:c2:ce:f1:b3:db.
Please contact your system administrator.
Add correct host key in /home/mohammedrafi/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/mohammedrafi/.ssh/known_hosts:352
remove with: ssh-keygen -f “/home/mohammedrafi/.ssh/known_hosts” -R 192.168.43.133
RSA host key for 192.168.43.133 has changed and you have requested strict checking.
Host key verification failed.
mohammedrafi@NOC-RAFI:~$
mohammedrafi@NOC-RAFI:~$ ssh-keygen -f “/home/mohammedrafi/.ssh/known_hosts” -R 192.168.43.133
# Host 192.168.43.133 found: line 352 type ECDSA
/home/mohammedrafi/.ssh/known_hosts updated.
Original contents retained as /home/mohammedrafi/.ssh/known_hosts.old
mohammedrafi@NOC-RAFI:~$
mohammedrafi@NOC-RAFI:~$ ssh root@192.168.43.133
The authenticity of host ‘192.168.43.133 (192.168.43.133)’ can’t be established.
RSA key fingerprint is b7:bb:29:c7:fd:18:6c:8d:2d:60:2c:c2:ce:f1:b3:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.43.133’ (RSA) to the list of known hosts.
Password:
Last login: Thu Nov 10 14:26:58 2016 from 192.168.43.1
==========================================================================

To change any of the module's parameters, pass them as Hiera data, as follows:

[root@server ~]# vim /etc/puppet/hieradata/roles/sshauth.yaml

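# Hiera data file roles/sshauth.yaml (the hierarchy that selects it is not
# shown on this page). Plain ASCII dash and quotes are required; the en dash
# and curly quotes from the blog rendering are not valid YAML syntax here.
classes:
  - 'ssh'
# Quoted so the module receives the string 'no' rather than a YAML boolean.
# NOTE(review): this turns public-key login off while password login stays
# enabled; treat it as a syntax example, not as a hardening setting.
ssh::sshd_pubkeyauthentication: 'no'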
[root@server ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for server.puppet.com
Info: Applying configuration version ‘1478817562’
Notice: /Stage[main]/Ssh/File[sshd_config]/content:
— /etc/ssh/sshd_config 2016-11-10 17:40:43.352547754 -0500
+++ /tmp/puppet-file20161110-4819-13029oa 2016-11-10 20:00:10.373298397 -0500
@@ -49,7 +49,7 @@

#RSAAuthentication yes
#PubkeyAuthentication yes
-PubkeyAuthentication yes
+PubkeyAuthentication no
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
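Review bot: Switching `PubkeyAuthentication` to `no` while the earlier run left `PasswordAuthentication yes` and `PermitRootLogin yes` in place makes passwords the main way in, including for root, which is the opposite of the usual hardening direction. As a demonstration of a Hiera override it works, but the safer example keeps `PubkeyAuthentication yes` and turns password login off, so that the rendered file ends up with `PasswordAuthentication no`. The hunk shows only a seven-line window of sshd_config; the rest of the file is outside it.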

Info: Computing checksum on file /etc/ssh/sshd_config
Info: /Stage[main]/Ssh/File[sshd_config]: Filebucketed /etc/ssh/sshd_config to puppet with sum 969b46c8fab7a5f007418e872bfc365d
Notice: /Stage[main]/Ssh/File[sshd_config]/content: content changed ‘{md5}969b46c8fab7a5f007418e872bfc365d’ to ‘{md5}9167ffab9fe05251cf4c9f2572bacfa4’
Info: /Stage[main]/Ssh/File[sshd_config]: Scheduling refresh of Service[sshd_service]
Notice: /Stage[main]/Ssh/Service[sshd_service]: Triggered ‘refresh’ from 1 events
Notice: Finished catalog run in 6.48 seconds

==========================================================================

[root@server ~]# cat /etc/ssh/ssh_config
# This file is being maintained by Puppet.
# DO NOT EDIT

# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
PasswordAuthentication yes
PubkeyAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
# Port 22
Protocol 2
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# HashKnownHosts no
HashKnownHosts no
GlobalKnownHostsFile /etc/ssh/ssh_known_hosts
Host *
# GSSAPIAuthentication yes
GSSAPIAuthentication yes
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
ForwardX11Trusted yes
UseRoaming no
# Send locale-related environment variables
SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL
==============================================

[root@server ~]# cat /etc/ssh/sshd_config
# This file is being maintained by Puppet.
# DO NOT EDIT

# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
AddressFamily any

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTH
#LogLevel INFO
LogLevel INFO

# Authentication:

#LoginGraceTime 120
LoginGraceTime 120
#PermitRootLogin yes
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
HostbasedAuthentication no
# Change to yes if you don’t trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
IgnoreUserKnownHosts no
# Don’t read the user’s ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication yes

# Kerberos options
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to ‘yes’ to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# “PermitRootLogin without-password”. If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
X11UseLocalhost yes
#PrintMotd yes
PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
ClientAliveInterval 0
ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#MaxSessions 10

#PermitTunnel no
PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none
Banner none

#XAuthLocation /usr/bin/xauth
XAuthLocation /usr/bin/xauth

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

==============================================

 

 
