前回、Win32-OpenSSHをWindows Server 2012 R2にインストールしました。
今回はWin32-OpenSSHをベースにしたChocolatey packageをインストールしてみます。
これは前回のインストール作業を自動で行ってくれるパッケージで誰でも簡単にインストールできるようになっています。
新しいWin32 OpenSSHがリリースされたら数日でパッケージが提供されるようですのでアップデート作業ではこちらのパッケージが便利かもしれません。
Win32 OpenSSH Automated Install and Upgrade using Chocolatey
https://github.com/PowerShell/Win32-OpenSSH/wiki/Win32-OpenSSH-Automated-Install-and-Upgrade-using-Chocolatey
The package automates the install steps listed in wiki. The package is also engineered to use ‘Choco upgrade win32-openssh’ to update to the latest release. Be sure to look over the installation instructions on Chocolatey as the package takes special switches to install, upgrade and uninstall the sshd service and a special switch to completely clean up server keys on an uninstall.
Win32 OpenSSH (Universal Installer)
https://chocolatey.org/packages/openssh
通常のインストールとChocolatey packageの違い
- sshdサービスの自動起動設定と開始
- Firewallの許可(アンインストール時には許可ルールを削除)
- 独自のインストール/アンインストールプログラム(添付のスクリプトは使用しない)
- 可能な限り既知の問題を回避する(ログ設定の問題など)
- インストールステップでの必要な問合せ(例えばキーベースでの認証ではsshdサービス開始前にリブートが必要だと)
インストール環境
・Windows Server 2012 R2 評価版(Version 6.3.9600)
- Chocolate Package Managerのインストール
- SSH Client Toosのインストール
- SSH client toolsとsshd serverのインストール
PowerShellを管理者モードで起動して下記のコマンドを実行します。
https://chocolatey.org/install
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
PS C:\> Set-ExecutionPolicy Bypass; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) 実行ポリシーの変更 実行ポリシーは、信頼されていないスクリプトからの保護に役立ちます。実行ポリシーを変更すると、 about_Execution_Policies のヘルプ トピック (http://go.microsoft.com/fwlink/?LinkID=135170) で説明されているセキュリティ上の危険にさらされる可能性があります。実行ポリシーを変更しますか ? [Y] はい(Y) [N] いいえ(N) [S] 中断(S) [?] ヘルプ (既定値は "Y"): Y Mode LastWriteTime Length Name ---- ------------- ------ ---- d---- 2017/10/05 20:52 chocInstall Getting latest version of the Chocolatey package for download. Getting Chocolatey from https://chocolatey.org/api/v2/package/chocolatey/0.10.8. Downloading 7-Zip commandline tool prior to extraction. Extracting C:\Users\ADMINI~1\AppData\Local\Temp\2\chocolatey\chocInstall\chocolatey.zip to C:\Users\ADMINI~1\AppData\Local\Temp\2\chocolatey\chocInstall... Installing chocolatey on this machine Creating ChocolateyInstall as an environment variable (targeting 'Machine') Setting ChocolateyInstall to 'C:\ProgramData\chocolatey' WARNING: It's very likely you will need to close and reopen your shell before you can use choco. Restricting write permissions to Administrators We are setting up the Chocolatey package repository. The packages themselves go to 'C:\ProgramData\chocolatey\lib' (i.e. C:\ProgramData\chocolatey\lib\yourPackageName). A shim file for the command line goes to 'C:\ProgramData\chocolatey\bin' and points to an executable in 'C:\ProgramData\chocolatey\lib\yourPackageName'. Creating Chocolatey folders if they do not already exist. WARNING: You can safely ignore errors related to missing log files when upgrading from a version of Chocolatey less than 0.9.9. 'Batch file could not be found' is also safe to ignore. 'The system cannot find the file specified' - also safe. chocolatey.nupkg file not installed in lib. Attempting to locate it from bootstrapper. PATH environment variable does not have C:\ProgramData\chocolatey\bin in it. Adding... 警告: Not setting tab completion: Profile file does not exist at 'C:\Users\Administrator\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1'. Chocolatey (choco.exe) is now ready. You can call choco from anywhere, command line or powershell by typing choco. Run choco /? for a list of functions. You may need to shut down and restart powershell and/or consoles first prior to using choco. Ensuring chocolatey commands are on the path Ensuring chocolatey.nupkg is in the lib folder |
オンラインで最新バージョンをインストールします。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 |
PS C:\> choco install openssh Chocolatey v0.10.8 Installing the following packages: openssh By installing you accept licenses for the packages. Progress: Downloading openssh 0.0.21.0... 100% openssh v0.0.21.0 [Approved] openssh package files install completed. Performing other installation steps. Running on: Windows Server 2012 R2 Standard Evaluation, (ServerStandardEval) Windows Version: 6.3.9600 ************************************************************************************ ************************************************************************************ This package is a Universal Installer and can ALSO install Win32-OpenSSH on Nano, Server Core, Docker Containers and more WITHOUT using Chocolatey. See the following for more details: https://github.com/DarwinJS/ChocoPackages/blob/master/openssh/readme.md ************************************************************************************ ************************************************************************************ Extracting C:\ProgramData\chocolatey\lib\openssh\tools\OpenSSH-Win64.zip to C:\Users\Administrator\AppData\Local\Temp\ch ocolatey\OpenSSHTemp... C:\Users\Administrator\AppData\Local\Temp\chocolatey\OpenSSHTemp Hashes for internal source match C:\Program Files\OpenSSH-Win64 C:\Program Files\OpenSSH-Win64\FixHostFilePermissions.ps1 C:\Program Files\OpenSSH-Win64\FixUserFilePermissions.ps1 C:\Program Files\OpenSSH-Win64\install-sshd.ps1 C:\Program Files\OpenSSH-Win64\libcrypto-41.dll C:\Program Files\OpenSSH-Win64\OpenSSHUtils.psd1 C:\Program Files\OpenSSH-Win64\OpenSSHUtils.psm1 C:\Program Files\OpenSSH-Win64\scp.exe C:\Program Files\OpenSSH-Win64\sftp-server.exe C:\Program Files\OpenSSH-Win64\sftp.exe C:\Program Files\OpenSSH-Win64\ssh-add.exe C:\Program Files\OpenSSH-Win64\ssh-agent.exe C:\Program Files\OpenSSH-Win64\ssh-keygen.exe C:\Program Files\OpenSSH-Win64\ssh-keyscan.exe C:\Program Files\OpenSSH-Win64\ssh-shellhost.exe C:\Program Files\OpenSSH-Win64\ssh.exe C:\Program Files\OpenSSH-Win64\sshd.exe C:\Program Files\OpenSSH-Win64\sshd_config C:\Program Files\OpenSSH-Win64\uninstall-sshd.ps1 PATH environment variable does not have C:\Program Files\OpenSSH-Win64 in it. Adding... Updating machine environment variable TERM from "" to "xterm" NEW VERSIONS OF SSH EXES: FileName FileVersion -------- ----------- C:\Program Files\OpenSSH-Win64\scp.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\sftp-server.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\sftp.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\ssh-add.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\ssh-agent.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\ssh-keygen.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\ssh-keyscan.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\ssh-shellhost.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\ssh.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\sshd.exe 0.0.21.0 WARNING: You must start a new prompt, or use the command 'refreshenv' (provided by your chocolatey install) to re-read t he environment for the tools to be available in this shell session. Environment Vars (like PATH) have changed. Close/reopen your shell to see the changes (or in powershell/cmd.exe just type `refreshenv`). The install of openssh was successful. Software installed to 'C:\Users\Administrator\AppData\Local\Temp\chocolatey\OpenSSHTemp' Chocolatey installed 1/1 packages. See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log). |
キー認証を行なう、ポートを22から変更するなど必要に応じてパラメータを指定して下さい。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 |
PS C:\> choco install openssh -params '"/SSHServerFeature"' Chocolatey v0.10.8 Installing the following packages: openssh By installing you accept licenses for the packages. Progress: Downloading openssh 0.0.21.0... 100% openssh v0.0.21.0 [Approved] openssh package files install completed. Performing other installation steps. The package openssh wants to run 'chocolateyinstall.ps1'. Note: If you don't run this script, the installation will fail. Note: To confirm automatically next time, use '-y' or consider: choco feature enable -n allowGlobalConfirmation Do you want to run the script?([Y]es/[N]o/[P]rint): Y Running on: Windows Server 2012 R2 Standard Evaluation, (ServerStandardEval) Windows Version: 6.3.9600 ************************************************************************************ ************************************************************************************ This package is a Universal Installer and can ALSO install Win32-OpenSSH on Nano, Server Core, Docker Containers and more WITHOUT using Chocolatey. See the following for more details: https://github.com/DarwinJS/ChocoPackages/blob/master/openssh/readme.md ************************************************************************************ ************************************************************************************ /SSHServerFeature was used, including SSH Server Feature. Defaulting system TERM environment variable to xterm Extracting C:\ProgramData\chocolatey\lib\openssh\tools\OpenSSH-Win64.zip to C:\Users\Administrator\AppData\Local\Temp\ch ocolatey\OpenSSHTemp... C:\Users\Administrator\AppData\Local\Temp\chocolatey\OpenSSHTemp /SSHAgentFeature is also automatically enabled when using /SSHServerFeature. Probing for possible conflicts with SSHD server to be configured on port 22 ... Hashes for internal source match C:\Program Files\OpenSSH-Win64 C:\Program Files\OpenSSH-Win64\FixHostFilePermissions.ps1 C:\Program Files\OpenSSH-Win64\FixUserFilePermissions.ps1 C:\Program Files\OpenSSH-Win64\install-sshd.ps1 C:\Program Files\OpenSSH-Win64\libcrypto-41.dll C:\Program Files\OpenSSH-Win64\OpenSSHUtils.psd1 C:\Program Files\OpenSSH-Win64\OpenSSHUtils.psm1 C:\Program Files\OpenSSH-Win64\scp.exe C:\Program Files\OpenSSH-Win64\sftp-server.exe C:\Program Files\OpenSSH-Win64\sftp.exe C:\Program Files\OpenSSH-Win64\ssh-add.exe C:\Program Files\OpenSSH-Win64\ssh-agent.exe C:\Program Files\OpenSSH-Win64\ssh-keygen.exe C:\Program Files\OpenSSH-Win64\ssh-keyscan.exe C:\Program Files\OpenSSH-Win64\ssh-shellhost.exe C:\Program Files\OpenSSH-Win64\ssh.exe C:\Program Files\OpenSSH-Win64\sshd.exe C:\Program Files\OpenSSH-Win64\sshd_config C:\Program Files\OpenSSH-Win64\uninstall-sshd.ps1 PATH environment variable does not have C:\Program Files\OpenSSH-Win64 in it. Adding... Updating machine environment variable TERM from "" to "xterm" [SC] SetServiceObjectSecurity SUCCESS Account: NT SERVICE\SSH-Agent Account SID: S-1-5-80-2277354432-2697620045-1656008878-1855416240-261295475 Export current Local Security Policy タスクは正常に完了しました。 詳細についてはログ %windir%\security\logs\scesrv.log を参照してください。 Modify Setting "Logon as a Service" *S-1-5-80-2277354432-2697620045-1656008878-1855416240-261295475,*S-1-5-80-0 Import new settings to Local Security Policy 6 パーセント完了しました (0/15) Privilege Rights の領域を処理中 13 パーセント完了しました (1/15) Privilege Rights の領域を処理中 20 パーセント完了しました (2/15) Privilege Rights の領域を処理中 100 パーセント完了しました (15/15) Privilege Rights の領域を処理中 タスクは正常に完了しました。 詳細についてはログ %windir%\security\logs\scesrv.log を参照してください。 Done. WARNING: You have specified SSHServerFeature - this machine is being configured as an SSH Server including opening port 22. Setting up SSH Logging WARNING: Explicitly disabling sshd logging as it currently logs about .5 GB / hour Current port setting in "C:\Program Files\OpenSSH-Win64\sshd_config" is "#Port 22", setting it to "Port 22" Generating sshd keys in "C:\Program Files\OpenSSH-Win64" C:\Program Files\OpenSSH-Win64\ssh-keygen.exe: generating new host keys: RSA DSA ECDSA ED25519 OK WARNING: The following private keys should be removed from the machine: [SC] ChangeServiceConfig SUCCESS [SC] ChangeServiceConfig2 SUCCESS Ensuring all ssh key and configuration files have correct permissions for all users [*] C:\Program Files\OpenSSH-Win64\sshd_config Inheritance is removed from 'C:\Program Files\OpenSSH-Win64\sshd_config'. 'BUILTIN\Users' has no more access to 'C:\Program Files\OpenSSH-Win64\sshd_config'. 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES' has no more access to 'C:\Program Files\OpenSSH-Win64\sshd_conf ig'. 'NT SERVICE\sshd' now has Read access to 'C:\Program Files\OpenSSH-Win64\sshd_config'. Repaired permissions [*] C:\Program Files\OpenSSH-Win64\ssh_host_dsa_key 'WIN2012R2\Administrator' has no more access to 'C:\Program Files\OpenSSH-Win64\ssh_host_dsa_key'. 'NT SERVICE\sshd' now has Read access to 'C:\Program Files\OpenSSH-Win64\ssh_host_dsa_key'. Repaired permissions [*] C:\Program Files\OpenSSH-Win64\ssh_host_dsa_key.pub 'WIN2012R2\Administrator' now has Read access to 'C:\Program Files\OpenSSH-Win64\ssh_host_dsa_key.pub'. 'NT SERVICE\sshd' now has Read access to 'C:\Program Files\OpenSSH-Win64\ssh_host_dsa_key.pub'. Repaired permissions [*] C:\Program Files\OpenSSH-Win64\ssh_host_ecdsa_key 'WIN2012R2\Administrator' has no more access to 'C:\Program Files\OpenSSH-Win64\ssh_host_ecdsa_key'. 'NT SERVICE\sshd' now has Read access to 'C:\Program Files\OpenSSH-Win64\ssh_host_ecdsa_key'. Repaired permissions [*] C:\Program Files\OpenSSH-Win64\ssh_host_ecdsa_key.pub 'WIN2012R2\Administrator' now has Read access to 'C:\Program Files\OpenSSH-Win64\ssh_host_ecdsa_key.pub'. 'NT SERVICE\sshd' now has Read access to 'C:\Program Files\OpenSSH-Win64\ssh_host_ecdsa_key.pub'. Repaired permissions [*] C:\Program Files\OpenSSH-Win64\ssh_host_ed25519_key 'WIN2012R2\Administrator' has no more access to 'C:\Program Files\OpenSSH-Win64\ssh_host_ed25519_key'. 'NT SERVICE\sshd' now has Read access to 'C:\Program Files\OpenSSH-Win64\ssh_host_ed25519_key'. Repaired permissions [*] C:\Program Files\OpenSSH-Win64\ssh_host_ed25519_key.pub 'WIN2012R2\Administrator' now has Read access to 'C:\Program Files\OpenSSH-Win64\ssh_host_ed25519_key.pub'. 'NT SERVICE\sshd' now has Read access to 'C:\Program Files\OpenSSH-Win64\ssh_host_ed25519_key.pub'. Repaired permissions [*] C:\Program Files\OpenSSH-Win64\ssh_host_rsa_key 'WIN2012R2\Administrator' has no more access to 'C:\Program Files\OpenSSH-Win64\ssh_host_rsa_key'. 'NT SERVICE\sshd' now has Read access to 'C:\Program Files\OpenSSH-Win64\ssh_host_rsa_key'. Repaired permissions [*] C:\Program Files\OpenSSH-Win64\ssh_host_rsa_key.pub 'WIN2012R2\Administrator' now has Read access to 'C:\Program Files\OpenSSH-Win64\ssh_host_rsa_key.pub'. 'NT SERVICE\sshd' now has Read access to 'C:\Program Files\OpenSSH-Win64\ssh_host_rsa_key.pub'. Repaired permissions Done. Account: NT SERVICE\SSHD Account SID: S-1-5-80-3847866527-469524349-687026318-516638107-1125189541 Export current Local Security Policy タスクは正常に完了しました。 詳細についてはログ %windir%\security\logs\scesrv.log を参照してください。 Modify Setting "Replace a process level token" *S-1-5-80-3847866527-469524349-687026318-516638107-1125189541,*S-1-5-19,*S-1-5-20 Import new settings to Local Security Policy 6 パーセント完了しました (0/15) Privilege Rights の領域を処理中 13 パーセント完了しました (1/15) Privilege Rights の領域を処理中 20 パーセント完了しました (2/15) Privilege Rights の領域を処理中 26 パーセント完了しました (3/15) Privilege Rights の領域を処理中 33 パーセント完了しました (4/15) Privilege Rights の領域を処理中 40 パーセント完了しました (5/15) Privilege Rights の領域を処理中 100 パーセント完了しました (15/15) Privilege Rights の領域を処理中 タスクは正常に完了しました。 詳細についてはログ %windir%\security\logs\scesrv.log を参照してください。 Done. Account: NT SERVICE\SSHD Account SID: S-1-5-80-3847866527-469524349-687026318-516638107-1125189541 Export current Local Security Policy タスクは正常に完了しました。 詳細についてはログ %windir%\security\logs\scesrv.log を参照してください。 Modify Setting "Logon as a Service" *S-1-5-80-3847866527-469524349-687026318-516638107-1125189541,*S-1-5-80-0,*S-1-5-80-2277354432-2697620045-1656008878-185 5416240-261295475 Import new settings to Local Security Policy 6 パーセント完了しました (0/15) Privilege Rights の領域を処理中 13 パーセント完了しました (1/15) Privilege Rights の領域を処理中 20 パーセント完了しました (2/15) Privilege Rights の領域を処理中 26 パーセント完了しました (3/15) Privilege Rights の領域を処理中 33 パーセント完了しました (4/15) Privilege Rights の領域を処理中 40 パーセント完了しました (5/15) Privilege Rights の領域を処理中 100 パーセント完了しました (15/15) Privilege Rights の領域を処理中 タスクは正常に完了しました。 詳細についてはログ %windir%\security\logs\scesrv.log を参照してください。 Done. Starting SSHD... Starting SSH-Agent... Installing Server Keys into SSH-Agent 成功: スケジュール タスク "ssh-add" は正しく作成されました。 成功: スケジュール タスク "ssh-add" の実行が試行されました。 成功: スケジュール タスク "ssh-add" は正しく削除されました。 NEW VERSIONS OF SSH EXES: FileName FileVersion -------- ----------- C:\Program Files\OpenSSH-Win64\scp.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\sftp-server.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\sftp.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\ssh-add.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\ssh-agent.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\ssh-keygen.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\ssh-keyscan.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\ssh-shellhost.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\ssh.exe 0.0.21.0 C:\Program Files\OpenSSH-Win64\sshd.exe 0.0.21.0 WARNING: You must start a new prompt, or use the command 'refreshenv' (provided by your chocolatey install) to re-read t he environment for the tools to be available in this shell session. Environment Vars (like PATH) have changed. Close/reopen your shell to see the changes (or in powershell/cmd.exe just type `refreshenv`). The install of openssh was successful. Software installed to 'C:\Users\Administrator\AppData\Local\Temp\chocolatey\OpenSSHTemp' Chocolatey installed 1/1 packages. See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log). |
sshdサービスも起動していたのでTeraTermで接続したところ無事にadministratorでログインできました。
C:\Program Files\OpenSSH-Win64\sshd_config
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 |
# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: # The default requires explicit activation of protocol 1 #Protocol 2 # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 1024 # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH LogLevel QUIET # Authentication: #LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #RSAAuthentication yes #PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. #UsePAM no #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 #PermitTunnel no #ChrootDirectory none # no default banner path #Banner none # override default of no subsystems Subsystem sftp sftp-server.exe # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # ForceCommand cvs server # PubkeyAcceptedKeyTypes ssh-ed25519* hostkeyagent \\.\pipe\openssh-ssh-agent |