I've posted my sshd_config here.
Could you please take a look at whether it is OK from a security standpoint, and whether I can leave anything out or have listed anything twice?
Code:
# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22228
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

AllowUsers stefan

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

MaxAuthTries 1

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes
Regards,
stefan
edit: I've now tested it and it works too.
Do I ALWAYS have to use the private key to log in to the server? (the one I converted into a PuTTY format with puttygen.exe?)
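An added example, not part of the original post: a small Python check for the two things asked about the configuration above, namely keywords listed twice and entries that can be left out because they only apply to protocol version 1 while `Protocol 2` is set. It also reports which of the password and public-key methods are switched on. The names `parse`, `audit`, `SAMPLE`, `MULTI` and `PROTO1_ONLY` are hypothetical.

```python
# Added example (not from the post). Simplified: ignores Match blocks and
# the "Keyword=value" spelling that sshd also accepts.
# SAMPLE is an excerpt constructed from the configuration posted above.
SAMPLE = """\
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
KeyRegenerationInterval 3600
ServerKeyBits 768
RSAAuthentication yes
PubkeyAuthentication yes
RhostsRSAAuthentication no
PasswordAuthentication yes
"""

# Keywords sshd_config(5) permits on several lines; repeats are not conflicts.
MULTI = {"port", "listenaddress", "hostkey", "acceptenv", "subsystem",
         "allowusers", "allowgroups", "denyusers", "denygroups"}
# Keywords that only apply to SSH protocol version 1.
PROTO1_ONLY = {"keyregenerationinterval", "serverkeybits",
               "rsaauthentication", "rhostsrsaauthentication"}

def parse(text):
    """Return [(line_number, keyword, value)] for active (non-comment) lines."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1) + [""]
            entries.append((n, parts[0].lower(), parts[1].strip()))
    return entries

def audit(text):
    """Collect duplicate keywords, protocol-1-only keywords and enabled auth."""
    entries = parse(text)
    protocol = next((v for _, k, v in entries if k == "protocol"), "")
    seen, findings = {}, {"duplicate": [], "proto1_only": [], "auth": []}
    for n, key, value in entries:
        if key in seen and key not in MULTI:
            # sshd uses the first value it reads; the later line is ignored.
            findings["duplicate"].append((key, seen[key], n))
        seen.setdefault(key, n)
        if key in PROTO1_ONLY and protocol == "2":
            findings["proto1_only"].append(key)
        if key in ("passwordauthentication", "pubkeyauthentication") \
                and value.lower() == "yes":
            findings["auth"].append(key)
    return findings
```

Calling `audit(SAMPLE)` returns a dict with the keys `duplicate`, `proto1_only` and `auth`; on a live system `sshd -T` prints the effective configuration for comparison.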