From 68fee1e0d7309de2a0a0b91d3a59230b84e9c17d Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Mon, 21 Oct 2024 20:01:06 +0200 Subject: [PATCH] common: rebase against Debian 12 --- roles/common/templates/sshd_config.j2 | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/roles/common/templates/sshd_config.j2 b/roles/common/templates/sshd_config.j2 index e74eb43..5ca2552 100644 --- a/roles/common/templates/sshd_config.j2 +++ b/roles/common/templates/sshd_config.j2 @@ -1,9 +1,8 @@ -# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where @@ -69,7 +68,7 @@ PasswordAuthentication {{ sshd_password_authentication }} # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) -ChallengeResponseAuthentication no +KbdInteractiveAuthentication no # Kerberos options #KerberosAuthentication no @@ -85,13 +84,13 @@ ChallengeResponseAuthentication no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and +# be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin prohibit-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. +# and KbdInteractiveAuthentication to 'no'. UsePAM yes #AllowAgentForwarding yes @@ -109,7 +108,7 @@ PrintMotd no #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no -#PidFile /var/run/sshd.pid +#PidFile /run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none