FreeBSD Bugzilla – Attachment 201095 Details for
Bug 234793
Failed unknown for $USER in sshd logs even if I got authenticated
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
server--sshd_config
file_234793.txt (text/plain), 3.91 KB, created by
Egbert Pot
on 2019-01-13 10:49:12 UTC
(
hide
)
Description:
server--sshd_config
Filename:
MIME Type:
Creator:
Egbert Pot
Created:
2019-01-13 10:49:12 UTC
Size:
3.91 KB
patch
obsolete
># $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ ># $FreeBSD: releng/12.0/crypto/openssh/sshd_config 338561 2018-09-10 16:20:12Z des $ > ># This is the sshd server system-wide configuration file. See ># sshd_config(5) for more information. > ># This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin > ># The strategy used for options in the default sshd_config shipped with ># OpenSSH is to specify options with their default value where ># possible, but leave them commented. Uncommented options override the ># default value. > ># Note that some of FreeBSD's defaults differ from OpenBSD's, and ># FreeBSD has a few additional options. > >#Port 22 >#AddressFamily any >#ListenAddress 0.0.0.0 >#ListenAddress :: > >#HostKey /etc/ssh/ssh_host_rsa_key >#HostKey /etc/ssh/ssh_host_ecdsa_key >#HostKey /etc/ssh/ssh_host_ed25519_key ># Supported HostKey algorithms by order of preference. >HostKey /etc/ssh/ssh_host_ed25519_key >HostKey /etc/ssh/ssh_host_rsa_key >HostKey /etc/ssh/ssh_host_ecdsa_key > ># Specifies the available KEX (Key Exchange) algorithms. >KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 > ># Ciphers and keying >#RekeyLimit default none > ># Specifies the ciphers allowed >Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr > > ># Logging >#SyslogFacility AUTH >#LogLevel VERBOSE >LogLevel DEBUG3 > ># Authentication: > >#LoginGraceTime 2m >PermitRootLogin no >#StrictModes yes >MaxAuthTries 6 >#MaxSessions 10 > >PubkeyAuthentication yes > ># The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 ># but this is overridden so installations will only check .ssh/authorized_keys >AuthorizedKeysFile .ssh/authorized_keys > >#AuthorizedPrincipalsFile none > >#AuthorizedKeysCommand none >#AuthorizedKeysCommandUser nobody > ># For this to work you will also need host keys in /etc/ssh/ssh_known_hosts >#HostbasedAuthentication no ># Change to yes if you don't trust ~/.ssh/known_hosts for ># HostbasedAuthentication >#IgnoreUserKnownHosts no ># Don't read the user's ~/.rhosts and ~/.shosts files >#IgnoreRhosts yes > ># Change to yes to enable built-in password authentication. >PasswordAuthentication no >PermitEmptyPasswords no > ># Change to no to disable PAM authentication >ChallengeResponseAuthentication no > ># Kerberos options >#KerberosAuthentication no >#KerberosOrLocalPasswd yes >#KerberosTicketCleanup yes >#KerberosGetAFSToken no > ># GSSAPI options >#GSSAPIAuthentication no >#GSSAPICleanupCredentials yes > ># Set this to 'no' to disable PAM authentication, account processing, ># and session processing. If this is enabled, PAM authentication will ># be allowed through the ChallengeResponseAuthentication and ># PasswordAuthentication. Depending on your PAM configuration, ># PAM authentication via ChallengeResponseAuthentication may bypass ># the setting of "PermitRootLogin without-password". ># If you just want the PAM account and session checks to run without ># PAM authentication, then enable this but set PasswordAuthentication ># and ChallengeResponseAuthentication to 'no'. >#UsePAM yes > >#AllowAgentForwarding yes >#AllowTcpForwarding yes >#GatewayPorts no >#X11Forwarding yes >#X11DisplayOffset 10 >#X11UseLocalhost yes >#PermitTTY yes >#PrintMotd yes >#PrintLastLog yes >#TCPKeepAlive yes >#PermitUserEnvironment no >#Compression delayed >#ClientAliveInterval 0 >#ClientAliveCountMax 3 >#UseDNS yes >#PidFile /var/run/sshd.pid >#MaxStartups 10:30:100 >#PermitTunnel no >#ChrootDirectory none >#UseBlacklist no >#VersionAddendum FreeBSD-20180909 > ># no default banner path >#Banner none > ># override default of no subsystems >Subsystem sftp /usr/libexec/sftp-server -f AUTHPRIV -l INFO > ># Example of overriding settings on a per-user basis >#Match User anoncvs ># X11Forwarding no ># AllowTcpForwarding no ># PermitTTY no ># ForceCommand cvs server
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=201095">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 234793
:
201093
|
201094
| 201095 |
201466
|
201758