From 5387f304f198844dc2a5bfac7b8cb8635d8dbbdc Mon Sep 17 00:00:00 2001
From: Someone
Date: Mon, 3 Nov 2025 18:42:39 +0100
Subject: [PATCH] roles/base/ssh/files
---
 roles/base/ssh/files/default/sshd_config | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/roles/base/ssh/files/default/sshd_config b/roles/base/ssh/files/default/sshd_config
index 84cd1e0..03187ff 100644
--- a/roles/base/ssh/files/default/sshd_config
+++ b/roles/base/ssh/files/default/sshd_config
@@ -16,6 +16,8 @@
 # possible, but leave them commented. Uncommented options override the
 # default value.
+# Include /etc/ssh/sshd_config.d/*.conf
+
 Port 2
 #AddressFamily any
 #ListenAddress 0.0.0.0
@@ -27,11 +29,6 @@ HostKey /etc/ssh/ssh_host_ed25519_key
 # Ciphers and keying
 #RekeyLimit default none
-# Disabled ECDSA/NIST curves.
-KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group-exchange-sha256
-Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
-
 # Logging
 #SyslogFacility AUTH
 #LogLevel INFO
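Review bot: The added `# Include /etc/ssh/sshd_config.d/*.conf` line is a comment, so sshd will not read any drop-in files, while the next hunk removes the in-file `KexAlgorithms`, `Ciphers` and `MACs` settings. If the intent is to manage those from a drop-in, the directive has to be active: `Include /etc/ssh/sshd_config.d/*.conf`. Note that sshd keeps the first value it obtains for each keyword, so an active Include at this position lets any file in that directory take precedence over `PasswordAuthentication no` and `KbdInteractiveAuthentication no` further down. If that is not wanted, the role should also control the directory's contents, or a comment should say why the line stays disabled.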
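Review bot: Dropping the `KexAlgorithms`, `Ciphers` and `MACs` lines returns sshd to its built-in defaults, which on current OpenSSH releases again offer the ECDH NIST-curve key exchanges that the removed comment says were disabled on purpose, and nothing visible in this patch replaces them. If the goal is to stop pinning a list that ages, the exclusion can be kept without a fixed list by subtracting from the defaults, e.g. `KexAlgorithms -ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521`. Comparing `sshd -T` output before and after the change on a target host would show exactly which algorithms come back.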
@@ -62,12 +59,14 @@ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@op
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
-# To disable tunneled clear text passwords, change to no here!
+# To disable tunneled clear text passwords, change to "no" here!
 PasswordAuthentication no
 #PermitEmptyPasswords no
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
+# Change to "yes" to enable keyboard-interactive authentication. Depending on
+# the system's configuration, this may involve passwords, challenge-response,
+# one-time passwords or some combination of these and other methods.
+# Beware issues with some PAM modules and threads.
 KbdInteractiveAuthentication no
 # Kerberos options
@@ -117,8 +116,8 @@ PrintMotd no
 # no default banner path
 #Banner none
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
+# Allow client to pass locale and color environment variables
+AcceptEnv LANG LC_* COLORTERM NO_COLOR
 # override default of no subsystems
 Subsystem sftp /usr/lib/openssh/sftp-server
-- 
2.47.3
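Review bot: `AcceptEnv` widens what a client may place in the session environment, and the comment above it does not say that the list is meant to stay minimal. `COLORTERM` and `NO_COLOR` are display hints and look low-risk, but sshd_config(5) warns that client-supplied variables can be used to bypass restricted user environments, which matters if any account on these hosts relies on a forced command or restricted shell. I would extend the comment to something like `# Allow client to pass locale and color environment variables; keep this list minimal (see AcceptEnv in sshd_config(5))`.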