Configuration SSH serveurs

2021-11-17 13:20:54 +00:00 · 2021-11-17 13:20:54 +00:00 · c31c1acf3c
parent 95ca1393e6
commit c31c1acf3c
2 changed files with 118 additions and 0 deletions
--- a/Serveurs/aunt.md
+++ b/Serveurs/aunt.md
@ -66,6 +66,65 @@ Adresse ipv6 publique : 2001:910:1360::3

 </details>

+### Configuration SSH
+
+#### /etc/ssh/sshd_config
+<details>
+
+    #	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+    # This is the sshd server system-wide configuration file.  See
+    # sshd_config(5) for more information.
+
+    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+    # The strategy used for options in the default sshd_config shipped with
+    # OpenSSH is to specify options with their default value where
+    # possible, but leave them commented.  Uncommented options override the
+    # default value.
+
+    Port 222
+    AddressFamily any
+    ListenAddress 0.0.0.0
+    ListenAddress ::
+
+    PubkeyAuthentication no
+
+    PasswordAuthentication no
+    PermitEmptyPasswords no
+
+    ChallengeResponseAuthentication no
+
+    UsePAM yes
+
+    AllowAgentForwarding yes
+    AllowTcpForwarding yes
+    GatewayPorts yes
+    X11Forwarding no
+    PrintMotd no
+    TCPKeepAlive yes
+    PermitTunnel yes
+
+    AcceptEnv LANG LC_* GIT_*
+
+    Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+
+    Match Group ssh-pubkey
+        PubkeyAuthentication yes
+
+    Match Group ssh-login
+        PasswordAuthentication yes
+        PubkeyAuthentication yes
+
+    Match Address 127.0.0.*
+        PubkeyAuthentication yes  
+
+    Match Address 192.169.254.3
+        PubkeyAuthentication yes
+
+</details>
+
 ### Configuration DRBD

 #### /etc/drbd.d/drbd1.res
--- a/Serveurs/mother.md
+++ b/Serveurs/mother.md
@ -66,6 +66,65 @@ Adresse ipv6 publique : 2001:910:1360::2

 </details>

+### Configuration SSH
+
+#### /etc/ssh/sshd_config
+<details>
+
+    #	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+    # This is the sshd server system-wide configuration file.  See
+    # sshd_config(5) for more information.
+
+    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+    # The strategy used for options in the default sshd_config shipped with
+    # OpenSSH is to specify options with their default value where
+    # possible, but leave them commented.  Uncommented options override the
+    # default value.
+
+    Port 222
+    AddressFamily any
+    ListenAddress 0.0.0.0
+    ListenAddress ::
+
+    PubkeyAuthentication no
+
+    PasswordAuthentication no
+    PermitEmptyPasswords no
+
+    ChallengeResponseAuthentication no
+
+    UsePAM yes
+
+    AllowAgentForwarding yes
+    AllowTcpForwarding yes
+    GatewayPorts yes
+    X11Forwarding no
+    PrintMotd no
+    TCPKeepAlive yes
+    PermitTunnel yes
+
+    AcceptEnv LANG LC_* GIT_*
+
+    Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+
+    Match Group ssh-pubkey
+        PubkeyAuthentication yes
+
+    Match Group ssh-login
+        PasswordAuthentication yes
+        PubkeyAuthentication yes
+
+    Match Address 127.0.0.*
+        PubkeyAuthentication yes  
+
+    Match Address 192.169.254.3
+        PubkeyAuthentication yes
+
+</details>
+
 ### Configuration DRBD

 #### /etc/drbd.d/drbd1.res