1 # Package generated configuration file
2 # See the sshd(8) manpage for details
4 # What ports, IPs and protocols we listen for
6 <%= extraports = case fqdn
7 when "ravel.debian.org" then "Port 443"
11 # Use these options to restrict which interfaces/protocols sshd will bind to
13 #ListenAddress 0.0.0.0
15 # HostKeys for protocol version 2
16 HostKey /etc/ssh/ssh_host_rsa_key
17 #Privilege Separation is turned on for security
18 UsePrivilegeSeparation yes
20 # Lifetime and size of ephemeral version 1 server key
21 KeyRegenerationInterval 3600
30 PermitRootLogin without-password
34 PubkeyAuthentication yes
36 # Don't read the user's ~/.rhosts and ~/.shosts files
38 # For this to work you will also need host keys in /etc/ssh_known_hosts
39 RhostsRSAAuthentication no
40 # similar for protocol version 2
41 HostbasedAuthentication no
42 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
43 #IgnoreUserKnownHosts yes
45 # To enable empty passwords, change to yes (NOT RECOMMENDED)
46 PermitEmptyPasswords no
48 # Change to yes to enable challenge-response passwords (beware issues with
49 # some PAM modules and threads)
50 ChallengeResponseAuthentication no
53 #KerberosAuthentication no
54 #KerberosGetAFSToken no
55 #KerberosOrLocalPasswd yes
56 #KerberosTicketCleanup yes
59 #GSSAPIAuthentication no
60 #GSSAPICleanupCredentials yes
70 #Banner /etc/issue.net
72 # Allow client to pass locale environment variables
75 Subsystem sftp /usr/lib/openssh/sftp-server
78 <% if %w{squeeze}.include?(scope.lookupvar('::lsbdistcodename')) %>
79 AuthorizedKeysFile /etc/ssh/userkeys/%u
80 AuthorizedKeysFile2 /var/lib/misc/userkeys/%u
82 AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userkeys/%u.more
84 PasswordAuthentication no