root@micro-node3:~# cd /etc/ssh/ root@micro-node3:/etc/ssh# cat sshd_config
# package generated configuration file
# see the sshd_config(5) manpage for details# what ports, ips and protocols we listen for
port 22
# use these options to restrict which interfaces/protocols sshd will bind to
#listenaddress ::
#listenaddress 0.0.0.0
protocol 2
# hostkeys for protocol version 2
hostkey /etc/ssh/ssh_host_rsa_key
hostkey /etc/ssh/ssh_host_dsa_key
hostkey /etc/ssh/ssh_host_ecdsa_key
hostkey /etc/ssh/ssh_host_ed25519_key
#privilege separation is turned on for security
useprivilegeseparation yes# lifetime and size of ephemeral version 1 server key
keyregenerationinterval 3600
serverkeybits 1024# loggingloglevel info# authentication:
logingracetime 120
#--! permitrootlogin prohibit-password
strictmodes yesrsaauthentication yes
pubkeyauthentication yes
#authorizedkeysfile %h/.ssh/authorized_keys# don't read the user's ~/.rhosts and ~/.shosts files
ignorerhosts yes
# for this to work you will also need host keys in /etc/ssh_known_hosts
rhostsrsaauthentication no
# similar for protocol version 2
hostbasedauthentication no
# uncomment if you don't trust ~/.ssh/known_hosts for rhostsrsaauthentication
#ignoreuserknownhosts yes# to enable empty passwords, change to yes (not recommended)
permitemptypasswords no# change to yes to enable challenge-response passwords (beware issues with
# some pam modules and threads)
challengeresponseauthentication no# change to no to disable tunnelled clear text passwords# kerberos options
#kerberosauthentication no
#kerberosgetafstoken no
#kerberosorlocalpasswd yes
#kerberosticketcleanup yes# gssapi options
#gssapiauthentication no
#gssapicleanupcredentials yesx11forwarding yes
x11displayoffset 10
printmotd no
printlastlog yes
tcpkeepalive yes
#uselogin no#maxstartups 10:30:60
#banner /etc/issue.net# allow client to pass locale environment variables
acceptenv lang lc_*subsystem sftp /usr/lib/openssh/sftp-server# set this to 'yes' to enable pam authentication, account processing,
# and session processing. if this is enabled, pam authentication will
# be allowed through the challengeresponseauthentication and
# pam authentication via challengeresponseauthentication may bypass
# the setting of "permitrootlogin without-password".
# if you just want the pam account and session checks to run without
# and challengeresponseauthentication to 'no'.
usepam yesusedns no
addressfamily inet
syslogfacility authpriv
permitrootlogin yes
passwordauthentication no
