author | Mike Crute <mike@crute.us> | 2019-01-11 03:51:25 +0000 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2019-01-11 03:51:25 +0000 |
commit | 6269334e0f127c9df5d906a41f01654604a1d98f (patch) | |
tree | 60982f95fe0aa568826390533d41396665495eaf /ssh-bastion | |
parent | 3366b0771e9941f8b906406f515146da88f7e778 (diff) | |
Re-wrap comments
Diffstat (limited to 'ssh-bastion')
-rw-r--r-- | ssh-bastion/etc/ssh/sshd_config | 21 |
1 files changed, 11 insertions, 10 deletions
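--- a/ssh-bastion/etc/ssh/sshd_config
+++ b/ssh-bastion/etc/ssh/sshd_config
@@ -45,9 +45,9 @@ ForceCommand /usr/bin/nologin
 # the host but not be allowed to login or run any commands.
 MaxSessions 0
 
-# This turns off reverse lookups of the originating host which hang sshd
-# on DNS timeouts when DNS is down. This also breaks "from=" lines in
-# authorizd_keys files which must be converted to dotted quad ip addrs.
+# This turns off reverse lookups of the originating host which hang sshd on DNS
+# timeouts when DNS is down. This also breaks "from=" lines in authorizd_keys
+# files which must be converted to dotted quad ip addrs.
 UseDNS no
 
 # By default SSH doesn't accept any environment variables from the client. But
@@ -55,8 +55,8 @@ UseDNS no
 # the system.
 AcceptEnv LANG LC_*
 
-# Disconnect after this period of time if the user hasn't provided
-# a correct password.
+# Disconnect after this period of time if the user hasn't provided a correct
+# password.
 LoginGraceTime 120
 
 # Disconnect dead sessions after 30 minutes of inactivity. The server will send
@@ -69,19 +69,20 @@ ClientAliveCountMax 30
 # routing issue occurs.
 TCPKeepAlive no
 
-# Allow up to 100 simultaneous unauthenticated connections. Any
-# connections beyond that limit will be dropped.
+# Allow up to 100 simultaneous unauthenticated connections. Any connections
+# beyond that limit will be dropped.
 MaxStartups 100
 
-# The maxiumum number of sessions which can be served on one
-# multi-plexing connection. ssh does not fail gracefully when this
-# number is exceeded, so we keep it high.
+# The maxiumum number of sessions which can be served on one multi-plexing
+# connection. ssh does not fail gracefully when this number is exceeded, so we
+# keep it high.
 MaxSessions 100
 
 X11Forwarding no
 PrintMotd no
 
 # Used hardened crypto algorithms
+#
 # Based on: https://stribika.github.io/2015/01/04/secure-secure-shell.html
 # And also: https://access.redhat.com/discussions/3121481
 # And also: https://infosec.mozilla.org/guidelines/openssh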
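Review bot: The re-wrapped comment above `MaxSessions 100` (new lines 76-79) says the session limit is kept high, yet the first hunk's context shows `MaxSessions 0` at line 46, so the file documents two contradictory values for the same keyword. sshd_config uses the first value obtained for a keyword unless noted otherwise, so if both directives sit at global scope the later `MaxSessions 100` never takes effect; a `Match` block outside the visible lines could change that, so the effective value is worth confirming with `sshd -T`. Since these comments are being rewritten anyway, drop whichever directive is not intended and keep one comment that states the actual policy (no sessions on the bastion, forwarding only). The re-wrap also carries forward the typos `authorizd_keys` (line 49) and `maxiumum` (line 76), and `# Used hardened crypto algorithms` probably means `# Use hardened crypto algorithms`.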