summaryrefslogtreecommitdiff
path: root/src/conf_mode/ssh.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2019-12-18 12:25:12 +0100
committerChristian Poessinger <christian@poessinger.com>2019-12-18 12:25:12 +0100
commit75847af961fd61daa63b26e8bafb1237df85a7fb (patch)
tree63deca295e8b843518cde30cadc2f1df15c6d273 /src/conf_mode/ssh.py
parent60e61ed1247c4f8efdd1805b1e1f2dda5ed2472c (diff)
parent214e63fbad5f1ed008543ba0eec56d1aa6649745 (diff)
downloadvyos-1x-75847af961fd61daa63b26e8bafb1237df85a7fb.tar.gz
vyos-1x-75847af961fd61daa63b26e8bafb1237df85a7fb.zip
Merge branch 'equuleus' of github.com:vyos/vyos-1x into currentvyos/1.3dev0
* 'equuleus' of github.com:vyos/vyos-1x: T1873: DHCP: add current year to copyright notice T1873: DHCP: fix service name in op-mode "show dhcp" T1873: DHCP: ship our own server init scripts vyos.config: T1862: restore regex after merge equuleus: T1862: Use regex pattern \s+ to split strings on whitespace [vyos.config] T1758: adjust regex for change in Python 3.7 Jenkins: Docker: always pull container from Dockerhub ssh - T1719: ssh deprecated options removed Jenkins: assume dependencies are available in Docker container Jenkins: fix httpURI in isCustomBuild() openvpn: T1617: bugfix for server push-route openvpn: T1548: remove authy 2fa provider update Jenkins file for equuleus igmpproxy: remove init script which is already provided by Debian Buster
Diffstat (limited to 'src/conf_mode/ssh.py')
-rwxr-xr-xsrc/conf_mode/ssh.py7
1 files changed, 1 insertions, 6 deletions
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index e3b11b537..9fe22bfee 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -37,16 +37,11 @@ HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
-UsePrivilegeSeparation yes
-KeyRegenerationInterval 3600
-ServerKeyBits 1024
SyslogFacility AUTH
LoginGraceTime 120
StrictModes yes
-RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
-RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
@@ -58,7 +53,7 @@ TCPKeepAlive yes
Banner /etc/issue.net
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
-HostKey /etc/ssh/ssh_host_key
+HostKey /etc/ssh/ssh_host_rsa_key
# Specifies whether sshd should look up the remote host name,
# and to check that the resolved host name for the remote IP