From e68fdd7535e5ac308b4329c3431dd2b062a5f94b Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Wed, 22 Jan 2020 22:42:42 +0000 Subject: [PATCH] commit feda1af76556f65b0cbc053a881bf73b971fa6ac Author: Robert Kaussow Date: Wed Jan 22 23:24:47 2020 +0100 force run --- index.md | 287 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 287 insertions(+) create mode 100644 index.md diff --git a/index.md b/index.md new file mode 100644 index 0000000..94b4973 --- /dev/null +++ b/index.md @@ -0,0 +1,287 @@ +--- +title: sshd +type: docs +--- + +Configure sshd server + +* [Default Variables](#default-variables) + * [sshd_allow_agent_forwarding](#sshd-allow-agent-forwarding) + * [sshd_allow_groups](#sshd-allow-groups) + * [sshd_allow_tcp_forwarding](#sshd-allow-tcp-forwarding) + * [sshd_challenge_response_authentication](#sshd-challenge-response-authentication) + * [sshd_ciphers](#sshd-ciphers) + * [sshd_client_alive_count_max](#sshd-client-alive-count-max) + * [sshd_client_alive_interval](#sshd-client-alive-interval) + * [sshd_compression](#sshd-compression) + * [sshd_google_auth_enabled](#sshd-google-auth-enabled) + * [sshd_google_auth_exclude_group](#sshd-google-auth-exclude-group) + * [sshd_gssapi_authentication](#sshd-gssapi-authentication) + * [sshd_hostbased_authentication](#sshd-hostbased-authentication) + * [sshd_ignore_rhosts](#sshd-ignore-rhosts) + * [sshd_kex](#sshd-kex) + * [sshd_log_level](#sshd-log-level) + * [sshd_macs](#sshd-macs) + * [sshd_max_auth_tries](#sshd-max-auth-tries) + * [sshd_max_sessions](#sshd-max-sessions) + * [sshd_moduli_minimum](#sshd-moduli-minimum) + * [sshd_password_authentication](#sshd-password-authentication) + * [sshd_permit_empty_passwords](#sshd-permit-empty-passwords) + * [sshd_permit_root_login](#sshd-permit-root-login) + * [sshd_protocol](#sshd-protocol) + * [sshd_strict_modes](#sshd-strict-modes) + * [sshd_tcp_keep_alive](#sshd-tcp-keep-alive) + * [sshd_use_dns](#sshd-use-dns) + * [sshd_x11_forwarding](#sshd-x11-forwarding) +* [Dependencies](#dependencies) + +--- + +## Default Variables + +### sshd_allow_agent_forwarding + +#### Default value + +```YAML +sshd_allow_agent_forwarding: no +``` + +### sshd_allow_groups + +#### Default value + +```YAML +sshd_allow_groups: [] +``` + +### sshd_allow_tcp_forwarding + +#### Default value + +```YAML +sshd_allow_tcp_forwarding: yes +``` + +### sshd_challenge_response_authentication + +If you disable password auth you should disable ChallengeResponseAuth also. + +#### Default value + +```YAML +sshd_challenge_response_authentication: no +``` + +### sshd_ciphers + +#### Default value + +```YAML +sshd_ciphers: + - chacha20-poly1305@openssh.com + - aes256-gcm@openssh.com + - aes128-gcm@openssh.com + - aes256-ctr + - aes192-ctr + - aes128-ctr +``` + +### sshd_client_alive_count_max + +#### Default value + +```YAML +sshd_client_alive_count_max: 0 +``` + +### sshd_client_alive_interval + +#### Default value + +```YAML +sshd_client_alive_interval: 900 +``` + +### sshd_compression + +#### Default value + +```YAML +sshd_compression: delayed +``` + +### sshd_google_auth_enabled + +Google Authenticator required ChallengeResponseAuth! + +#### Default value + +```YAML +sshd_google_auth_enabled: false +``` + +### sshd_google_auth_exclude_group + +Exclude a group from 2FA auth + +#### Default value + +```YAML +sshd_google_auth_exclude_group: _unset_ +``` + +#### Example usage + +```YAML +sshd_google_auth_exclude_group: my_group +``` + +### sshd_gssapi_authentication + +#### Default value + +```YAML +sshd_gssapi_authentication: yes +``` + +### sshd_hostbased_authentication + +#### Default value + +```YAML +sshd_hostbased_authentication: no +``` + +### sshd_ignore_rhosts + +#### Default value + +```YAML +sshd_ignore_rhosts: yes +``` + +### sshd_kex + +#### Default value + +```YAML +sshd_kex: + - curve25519-sha256@libssh.org + - diffie-hellman-group-exchange-sha256 +``` + +### sshd_log_level + +#### Default value + +```YAML +sshd_log_level: INFO +``` + +### sshd_macs + +#### Default value + +```YAML +sshd_macs: + - hmac-sha2-512-etm@openssh.com + - hmac-sha2-256-etm@openssh.com + - hmac-ripemd160-etm@openssh.com + - umac-128-etm@openssh.com + - hmac-sha2-512 + - hmac-sha2-256 + - hmac-ripemd160 +``` + +### sshd_max_auth_tries + +#### Default value + +```YAML +sshd_max_auth_tries: 6 +``` + +### sshd_max_sessions + +#### Default value + +```YAML +sshd_max_sessions: 10 +``` + +### sshd_moduli_minimum + +#### Default value + +```YAML +sshd_moduli_minimum: 2048 +``` + +### sshd_password_authentication + +#### Default value + +```YAML +sshd_password_authentication: no +``` + +### sshd_permit_empty_passwords + +#### Default value + +```YAML +sshd_permit_empty_passwords: no +``` + +### sshd_permit_root_login + +#### Default value + +```YAML +sshd_permit_root_login: yes +``` + +### sshd_protocol + +#### Default value + +```YAML +sshd_protocol: 2 +``` + +### sshd_strict_modes + +#### Default value + +```YAML +sshd_strict_modes: yes +``` + +### sshd_tcp_keep_alive + +#### Default value + +```YAML +sshd_tcp_keep_alive: yes +``` + +### sshd_use_dns + +#### Default value + +```YAML +sshd_use_dns: yes +``` + +### sshd_x11_forwarding + +#### Default value + +```YAML +sshd_x11_forwarding: yes +``` + +## Dependencies + +None.