
OpenSSH Server Configuration for Secure Remote Access

Learn how to configure the OpenSSH server for secure remote access, including settings for authentication, access control, and encryption, to provide a robust and secure SSH environment.


# - iNFO -----------------------------------------------------------------------------
#
#        Author: wuseman <wuseman@nr1.nu>
#      FileName: sshd_config example config
#
#       Created: 2021-10-22 (08:40:33)
#      Modified:
#
#           iRC: wuseman (Libera/EFnet/LinkNet)
#       Website: https://www.nr1.nu/
#        GitHub: https://github.com/wuseman/
#
# - Description ---------------------------------------------------------------------
#
#      No description has been added
#
# - End of Header -------------------------------------------------------------

AcceptEnv COLORTERM
AcceptEnv LANG LC_*
AddressFamily inet
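# Agent forwarding and TCP forwarding (local and remote) are both enabled.
AllowAgentForwarding yes
#AllowGroups
AllowTcpForwarding all
# Only the accounts listed here may log in.
AllowUsers wuseman root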
#AuthenticationMethods publickey
AuthorizedKeysFile .ssh/authorized_keys
Banner none
#CASignatureAlgorithms ssh-ed25519
# Deprecated alias for KbdInteractiveAuthentication in current OpenSSH.
ChallengeResponseAuthentication yes
ChrootDirectory none
#Ciphers aes256-gcm@openssh.com
# In current OpenSSH a value of 0 disables termination of unresponsive clients.
ClientAliveCountMax 0
#Compression yes
#DenyGroups
#DenyUsers
ExposeAuthInfo no
ForceCommand none
GatewayPorts no
HostbasedAuthentication no
HostbasedUsesNameFromPacketOnly no
HostKeyAlgorithms ssh-ed25519
#IgnoreRhosts yes
#IgnoreUserKnownHosts no
#KexAlgorithms curve25519-sha256
#HostKeyAlgorithms ssh-ed25519
IgnoreUserKnownHosts no
LogLevel VERBOSE
MaxAuthTries 3
MaxSessions 20
#MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
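# Password logins are enabled. sshd uses the first value it reads for a keyword,
# so for key-only logins change this line instead of uncommenting the next one.
PasswordAuthentication yes
#PasswordAuthentication no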
PermitEmptyPasswords no
PermitRootLogin prohibit-password
#PermitRootLogin prohibit-password
PermitTTY yes
# Permits tun(4) device forwarding (layer 2 and layer 3 tunnels).
PermitTunnel yes
Port 22
PrintLastLog yes
PrintMotd no
PubkeyAuthentication yes
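# With "no", sshd does not check the ownership and permissions of the user's
# home directory and key files before accepting a login (the default is yes).
StrictModes no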
TCPKeepAlive no
UseDNS no
UsePAM no
#X11Forwarding yes
#X11UseLocalhost yes

Subsystem sftp  /usr/lib/openssh/sftp-server
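
The file above sets `PasswordAuthentication yes` and keeps `#PasswordAuthentication no` on the next line; because sshd uses the first value it reads for most keywords, uncommenting the second line alone would change nothing. The following is an added example, not part of wuseman's file: it reads the global section with that first-value rule and compares the effective values with an illustrative baseline. `BASELINE`, `MULTI`, the function names and the sample text are assumptions made for this example.

```python
# Added example: audit the global section of an sshd_config the way sshd reads it.
# BASELINE and MULTI are assumptions for this example, not taken from the page.
MULTI = {"acceptenv", "port", "listenaddress", "hostkey"}  # accumulate; not exhaustive
# keyword: (upstream default, value this illustrative baseline expects)
BASELINE = {
    "strictmodes": ("yes", "yes"),
    "passwordauthentication": ("yes", "no"),
    "allowtcpforwarding": ("yes", "no"),
    "allowagentforwarding": ("yes", "no"),
    "permittunnel": ("no", "no"),
}
# Constructed sample: lines from the file above, with line 4 uncommented.
SAMPLE = """\
AllowAgentForwarding yes
AllowTcpForwarding all
PasswordAuthentication yes
PasswordAuthentication no
PermitTunnel yes
Port 22
PermitTunnel yes
StrictModes no
"""

def effective(text):
    """Return (settings, shadowed): first value per keyword, plus ignored repeats."""
    settings, shadowed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.strip().split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        key = fields[0].lower()  # keywords are case-insensitive
        value = fields[1].strip() if len(fields) > 1 else ""
        if key == "match":
            break  # Match blocks are conditional; only globals are audited here
        if key in MULTI:
            settings.setdefault(key, []).append(value)
        elif key in settings:
            shadowed.append((lineno, fields[0], value))
        else:
            settings[key] = value
    return settings, shadowed

def audit(text):
    """Return (findings, shadowed); a finding is (keyword, effective, expected)."""
    settings, shadowed = effective(text)
    findings = [(k, settings.get(k, default), want)
                for k, (default, want) in BASELINE.items()
                if settings.get(k, default).lower() != want]
    return findings, shadowed
```

On a host with OpenSSH installed, `sshd -T` prints the configuration sshd itself computes and is the authoritative check.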