1 # Package generated configuration file
2 # See the sshd(8) manpage for details
4 # What ports, IPs and protocols we listen for
6 <%= extraports = case fqdn
7 when "ravel.debian.org" then "Port 443"
8 when "agnesi.debian.org" then "Port 2260"
12 # Use these options to restrict which interfaces/protocols sshd will bind to
14 #ListenAddress 0.0.0.0
16 # HostKeys for protocol version 2
17 HostKey /etc/ssh/ssh_host_rsa_key
18 #Privilege Separation is turned on for security
19 UsePrivilegeSeparation yes
21 # Lifetime and size of ephemeral version 1 server key
22 KeyRegenerationInterval 3600
31 PermitRootLogin without-password
35 PubkeyAuthentication yes
37 # Don't read the user's ~/.rhosts and ~/.shosts files
39 # For this to work you will also need host keys in /etc/ssh_known_hosts
40 RhostsRSAAuthentication no
41 # similar for protocol version 2
42 HostbasedAuthentication no
43 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
44 #IgnoreUserKnownHosts yes
46 # To enable empty passwords, change to yes (NOT RECOMMENDED)
47 PermitEmptyPasswords no
49 # Change to yes to enable challenge-response passwords (beware issues with
50 # some PAM modules and threads)
51 ChallengeResponseAuthentication no
54 #KerberosAuthentication no
55 #KerberosGetAFSToken no
56 #KerberosOrLocalPasswd yes
57 #KerberosTicketCleanup yes
60 #GSSAPIAuthentication no
61 #GSSAPICleanupCredentials yes
71 #Banner /etc/issue.net
73 # Allow client to pass locale environment variables
76 Subsystem sftp /usr/lib/openssh/sftp-server
79 <% if %w{lenny squeeze}.include?(lsbdistcodename) %>
80 AuthorizedKeysFile /etc/ssh/userkeys/%u
81 AuthorizedKeysFile2 /var/lib/misc/userkeys/%u
83 AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u
85 PasswordAuthentication no