diff options
| author | Mike Crute <mike@crute.us> | 2019-01-11 03:51:25 +0000 |
|---|---|---|
| committer | Mike Crute <mike@crute.us> | 2019-01-11 03:51:25 +0000 |
| commit | 6269334e0f127c9df5d906a41f01654604a1d98f (patch) | |
| tree | 60982f95fe0aa568826390533d41396665495eaf /ssh-bastion | |
| parent | 3366b0771e9941f8b906406f515146da88f7e778 (diff) | |
| download | dockerfiles-6269334e0f127c9df5d906a41f01654604a1d98f.tar.bz2 dockerfiles-6269334e0f127c9df5d906a41f01654604a1d98f.tar.xz dockerfiles-6269334e0f127c9df5d906a41f01654604a1d98f.zip | |
Re-wrap comments
Diffstat (limited to 'ssh-bastion')
| -rw-r--r-- | ssh-bastion/etc/ssh/sshd_config | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/ssh-bastion/etc/ssh/sshd_config b/ssh-bastion/etc/ssh/sshd_config index fac41f9..759201d 100644 --- a/ssh-bastion/etc/ssh/sshd_config +++ b/ssh-bastion/etc/ssh/sshd_config | |||
| @@ -45,9 +45,9 @@ ForceCommand /usr/bin/nologin | |||
| 45 | # the host but not be allowed to login or run any commands. | 45 | # the host but not be allowed to login or run any commands. |
| 46 | MaxSessions 0 | 46 | MaxSessions 0 |
| 47 | 47 | ||
| 48 | # This turns off reverse lookups of the originating host which hang sshd | 48 | # This turns off reverse lookups of the originating host which hang sshd on DNS |
| 49 | # on DNS timeouts when DNS is down. This also breaks "from=" lines in | 49 | # timeouts when DNS is down. This also breaks "from=" lines in authorizd_keys |
| 50 | # authorizd_keys files which must be converted to dotted quad ip addrs. | 50 | # files which must be converted to dotted quad ip addrs. |
| 51 | UseDNS no | 51 | UseDNS no |
| 52 | 52 | ||
| 53 | # By default SSH doesn't accept any environment variables from the client. But | 53 | # By default SSH doesn't accept any environment variables from the client. But |
| @@ -55,8 +55,8 @@ UseDNS no | |||
| 55 | # the system. | 55 | # the system. |
| 56 | AcceptEnv LANG LC_* | 56 | AcceptEnv LANG LC_* |
| 57 | 57 | ||
| 58 | # Disconnect after this period of time if the user hasn't provided | 58 | # Disconnect after this period of time if the user hasn't provided a correct |
| 59 | # a correct password. | 59 | # password. |
| 60 | LoginGraceTime 120 | 60 | LoginGraceTime 120 |
| 61 | 61 | ||
| 62 | # Disconnect dead sessions after 30 minutes of inactivity. The server will send | 62 | # Disconnect dead sessions after 30 minutes of inactivity. The server will send |
| @@ -69,19 +69,20 @@ ClientAliveCountMax 30 | |||
| 69 | # routing issue occurs. | 69 | # routing issue occurs. |
| 70 | TCPKeepAlive no | 70 | TCPKeepAlive no |
| 71 | 71 | ||
| 72 | # Allow up to 100 simultaneous unauthenticated connections. Any | 72 | # Allow up to 100 simultaneous unauthenticated connections. Any connections |
| 73 | # connections beyond that limit will be dropped. | 73 | # beyond that limit will be dropped. |
| 74 | MaxStartups 100 | 74 | MaxStartups 100 |
| 75 | 75 | ||
| 76 | # The maxiumum number of sessions which can be served on one | 76 | # The maxiumum number of sessions which can be served on one multi-plexing |
| 77 | # multi-plexing connection. ssh does not fail gracefully when this | 77 | # connection. ssh does not fail gracefully when this number is exceeded, so we |
| 78 | # number is exceeded, so we keep it high. | 78 | # keep it high. |
| 79 | MaxSessions 100 | 79 | MaxSessions 100 |
| 80 | 80 | ||
| 81 | X11Forwarding no | 81 | X11Forwarding no |
| 82 | PrintMotd no | 82 | PrintMotd no |
| 83 | 83 | ||
| 84 | # Used hardened crypto algorithms | 84 | # Used hardened crypto algorithms |
| 85 | # | ||
| 85 | # Based on: https://stribika.github.io/2015/01/04/secure-secure-shell.html | 86 | # Based on: https://stribika.github.io/2015/01/04/secure-secure-shell.html |
| 86 | # And also: https://access.redhat.com/discussions/3121481 | 87 | # And also: https://access.redhat.com/discussions/3121481 |
| 87 | # And also: https://infosec.mozilla.org/guidelines/openssh | 88 | # And also: https://infosec.mozilla.org/guidelines/openssh |