Set Red Hat default SSHD configuration properly
Currently, the sshd configuration generated on RHEL does not reflect the default RHEL configuration:

    Port 22
    AcceptEnv LANG LC_*
    ChallengeResponseAuthentication no
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    PrintMotd no
    Subsystem sftp /usr/libexec/openssh/sftp-server
    UsePAM yes
    X11Forwarding yes

The default RHEL sshd configuration has some more stuff in it, especially regarding the logging and accepted environments:

    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    SyslogFacility AUTHPRIV
    AuthorizedKeysFile .ssh/authorized_keys
    PasswordAuthentication yes
    ChallengeResponseAuthentication no
    GSSAPIAuthentication yes
    GSSAPICleanupCredentials no
    UsePAM yes
    X11Forwarding yes
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    AcceptEnv XMODIFIERS
    Subsystem sftp /usr/libexec/openssh/sftp-server

In addition, with release >Queens, the configuration is managed directly in tripleo-heat-templates, and will look like the standard RHEL one.

Change-Id: I4803615fb6b8066b0c1afe2b0b7cbbd9d50aff40
parent be5fa9744f
commit ed96987af5
|
@ -1,2 +1,22 @@
|
|||
rabbitmq::package_provider: yum
|
||||
tripleo::selinux::mode: enforcing
|
||||
tripleo::profile::base::sshd::options:
|
||||
HostKey:
|
||||
- '/etc/ssh/ssh_host_rsa_key'
|
||||
- '/etc/ssh/ssh_host_ecdsa_key'
|
||||
- '/etc/ssh/ssh_host_ed25519_key'
|
||||
SyslogFacility: 'AUTHPRIV'
|
||||
AuthorizedKeysFile: '.ssh/authorized_keys'
|
||||
ChallengeResponseAuthentication: 'no'
|
||||
GSSAPIAuthentication: 'yes'
|
||||
GSSAPICleanupCredentials: 'no'
|
||||
UsePAM: 'yes'
|
||||
UseDNS: 'no'
|
||||
X11Forwarding: 'yes'
|
||||
UsePrivilegeSeparation: 'sandbox'
|
||||
AcceptEnv:
|
||||
- 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
|
||||
- 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
|
||||
- 'LC_IDENTIFICATION LC_ALL LANGUAGE'
|
||||
- 'XMODIFIERS'
|
||||
Subsystem: 'sftp /usr/libexec/openssh/sftp-server'
|
||||
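Review bot: The option set under tripleo::profile::base::sshd::options does not match the RHEL default quoted in the commit message. It adds UseDNS: 'no' and UsePrivilegeSeparation: 'sandbox', which are not in that list, and it leaves out PasswordAuthentication yes, which is. If the differences are intentional, explain them in the commit message or in a comment above the options hash; otherwise align the hash with the quoted default. X11Forwarding: 'yes' is also carried over from the default, so confirm it is actually needed on these hosts rather than set to 'no'.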