Attachment 278369 Details for Bug 373221 – Pam configuration and sshd configuration

Pam configuration and sshd configuration

2 (text/plain), 3.42 KB, created by Nilesh Govindrajan on 2011-06-27 17:03:46 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Nilesh Govindrajan

Created: 2011-06-27 17:03:46 UTC

Size: 3.42 KB

patch

obsolete

>#       $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
>
># This is the sshd server system-wide configuration file.  See
># sshd_config(5) for more information.
>
># This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
>
># The strategy used for options in the default sshd_config shipped with
># OpenSSH is to specify options with their default value where
># possible, but leave them commented.  Uncommented options change a
># default value.
>
>#Port 22
>#AddressFamily any
>#ListenAddress 0.0.0.0
>#ListenAddress ::
>
># The default requires explicit activation of protocol 1
>Protocol 2
>
># Logging
># obsoletes QuietMode and FascistLogging
>#SyslogFacility AUTH
>#LogLevel INFO
>
># Authentication:
>
>#LoginGraceTime 2m
>PermitRootLogin without-password 
>StrictModes yes
>#MaxAuthTries 6
>#MaxSessions 10
>
>RSAAuthentication yes
>PubkeyAuthentication yes
>#AuthorizedKeysFile     .ssh/authorized_keys
>
># To disable tunneled clear text passwords, change to no here!
>PasswordAuthentication no 
>PermitEmptyPasswords no
>
># Change to no to disable s/key passwords
>ChallengeResponseAuthentication yes
>
># Set this to 'yes' to enable PAM authentication, account processing, 
># and session processing. If this is enabled, PAM authentication will 
># be allowed through the ChallengeResponseAuthentication and
># PasswordAuthentication.  Depending on your PAM configuration,
># PAM authentication via ChallengeResponseAuthentication may bypass
># the setting of "PermitRootLogin without-password".
># If you just want the PAM account and session checks to run without
># PAM authentication, then enable this but set PasswordAuthentication
># and ChallengeResponseAuthentication to 'no'.
>UsePAM yes
>
>#AllowAgentForwarding yes
>#AllowTcpForwarding yes
>#GatewayPorts no
>#X11Forwarding no
>#X11DisplayOffset 10
>#X11UseLocalhost yes
>PrintMotd no
>PrintLastLog no
>TCPKeepAlive yes
>UseLogin yes
>UsePrivilegeSeparation yes
>#PermitUserEnvironment no
>Compression delayed
>#ClientAliveInterval 0
>#ClientAliveCountMax 3
>#UseDNS yes
>#PidFile /var/run/sshd.pid
>#MaxStartups 10
>#PermitTunnel no
>#ChrootDirectory none
>
># no default banner path
>#Banner none
>
># override default of no subsystems
>Subsystem       sftp    /usr/lib64/misc/sftp-server
>
># the following are HPN related configuration options
># tcp receive buffer polling. disable in non autotuning kernels
>#TcpRcvBufPoll yes
> 
># allow the use of the none cipher
>#NoneEnabled no
>
># disable hpn performance boosts. 
>#HPNDisabled no
>
># buffer size for hpn to non-hpn connections
>#HPNBufferSize 2048
>
>
># Example of overriding settings on a per-user basis
>#Match User anoncvs
>#       X11Forwarding no
>#       AllowTcpForwarding no
>#       ForceCommand cvs server
>
>
>
>
>
>
>
>******************************** /etc/pam.d/system-login  *******************
>
>
>
>
>
>
>
>
>
>
>auth            required        pam_tally2.so onerr=succeed
>auth            required        pam_shells.so 
>auth            required        pam_nologin.so 
>auth            include         system-auth
> 
>account         required        pam_access.so 
>account         required        pam_nologin.so 
>account         include         system-auth
>account         required        pam_tally2.so onerr=succeed 
> 
>password        include         system-auth
> 
>session     optional    pam_loginuid.so
>session         required        pam_env.so 
>session         optional        pam_lastlog.so 
>session         include         system-auth
>session         optional        pam_motd.so motd=/etc/motd
>session         optional        pam_mail.so

Actions: View

Attachments on bug 373221: 278369 | 278589 | 278591 | 278593