Timotej Lazar
5da50c14f9
Leave the default sshd alone. If ssh is not necessary in default VRF, another role should disable it.
15 lines
304 B
Plaintext
15 lines
304 B
Plaintext
# This is for sshd in management VRF, for ansible and other not-really-OOB stuff.
|
|
|
|
PidFile none
|
|
UsePAM no
|
|
|
|
# Only allow pubkey auth.
|
|
KbdInteractiveAuthentication no
|
|
PasswordAuthentication no
|
|
PermitRootLogin prohibit-password
|
|
|
|
# Disable what we can.
|
|
AllowTcpForwarding no
|
|
GatewayPorts no
|
|
X11Forwarding no
|