atErik · August 16, 2019 04:53
diff --git a/Server3-D10／etc／ssh／sshd_config b/Server3-D10／etc／ssh／sshd_config
 #	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
 #
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
 #
 # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
 #
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
 # possible, but leave them commented.  Uncommented options override the
 # default value.
 #
 #
 # Lines begins with the "#" symbol are comments/notes.
 #
 #
 #                in SRVR3 (Server-3) "srvr3.example.com" Server:
 #
 Port 5022
 AddressFamily any
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 ListenAddress SRVR3.IPv4.ADRS
 #ListenAddress SRVR3:IPv6:ADRS1
 #ListenAddress SRVR3:IPv6:ADRS2
 #
 # PermitTunnel   :   Specifies whether tun(4) device forwarding is allowed.  The argument must be yes,
 #  point-to-point (layer 3), ethernet (layer 2), or no . Specifying yes permits both point-to-point and
 #  ethernet.  The default is no . Independent of this setting, the permissions of the selected tun(4) device
 #  must allow access to the user.
 #
 Protocol 2
 #
 #ServerKeyBits 16384
 #
 # List of Private/Secret Keys : (the key with ".pub" at-end is public-key)
 HostKey /etc/ssh/ssh_host_rsa_key_SRVR3
 ##HostKey /etc/ssh/ssh_host_ecdsa_key
 #HostKey /etc/ssh/ssh_host_ed25519_key_SRVR3
 #
 # Ciphers and keying
 #RekeyLimit default none
 RekeyLimit 100M 1h
 #
 # Logging
 SyslogFacility AUTH
 LogLevel INFO
 #
 # Authentication:
 #
 KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256
 #KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,[email protected],curve25519-sha256
 #KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
 #
 Ciphers [email protected],aes256-ctr
 #Ciphers [email protected],aes256-ctr,[email protected]
 #
 MACs [email protected],hmac-sha2-512,[email protected],hmac-sha2-256
 #
 # Authentication Extra:
 CASignatureAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa
 #CASignatureAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519
 HostKeyAlgorithms rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected]
 #HostKeyAlgorithms rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected],ssh-ed25519,[email protected]
 HostbasedAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected]
 #HostbasedAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected],ssh-ed25519,[email protected]
 PubkeyAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected]
 #PubkeyAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected],ssh-ed25519,[email protected]
 #
 #LoginGraceTime 2m
 # PermitRootLogin   :   Specifies whether root can log in using ssh(1).
 #   The argument must be yes, prohibit-password, forced-commands-only, or no.
 #   The default is prohibit-password . If this option is set to prohibit-password (or its deprecated alias,
 #   without-password), password and keyboard-interactive authentication are disabled for root . If this
 #   option is set to forced-commands-only, root login with public key authentication will be allowed, but
 #   only if the command option has been specified (which may be useful for taking remote backups even if
 #   root login is normally not allowed) .  All other authentication methods are disabled for root . If this
 #   option is set to no, root is not allowed to log in.
 #PermitRootLogin prohibit-password
 PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6
 MaxAuthTries 4
 #MaxSessions 10
 #
 # Expect .ssh/authorized_keys2 to be disregarded by default in future.
 #AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
 #
 # Add user's SSH-pub-keys in their $HOME/.ssh/authorized_keys file:
 AuthorizedKeysFile      %h/.ssh/authorized_keys
 #
 #AuthorizedPrincipalsFile none
 #
 #AuthorizedKeysCommand none
 #AuthorizedKeysCommandUser nobody
 #
 #   AuthenticationMethods : Specifies the authentication methods that must be successfully completed for a
 #   user to be granted access.  This option must be followed by one or more lists of comma-separated
 #   authentication method names, or by the single string any to indicate the default behaviour of accepting
 #   any single authentication method.  If the default is overridden, then successful authentication requires
 #   completion of every method in at least one of these lists.
 #     For example, "publickey,password publickey,keyboard-interactive" would require the user to complete
 #     public key authentication, followed by either password or keyboard interactive authentication.  Only
 #     methods that are next in one or more lists are offered at each stage, so for this example it would not
 #     be possible to attempt password or keyboard-interactive authentication before public key.
 #     For keyboard interactive authentication it is also possible to restrict authentication to a specific
 #     device by appending a colon followed by the device identifier bsdauth or pam.  depending on the server
 #     configuration.
 #     For example, "keyboard-interactive:bsdauth" would restrict keyboard interactive authentication to the
 #     bsdauth device.
 #     If the publickey method is listed more than once, sshd(8) verifies that keys that have been used
 #     successfully are not reused for subsequent authentications.  For example, "publickey,publickey"
 #     requires successful authentication using two different public keys . Note that each authentication
 #     method listed should also be explicitly enabled in the configuration . The available authentication
 #     methods are: "gssapi-with-mic", "hostbased", "keyboard-interactive", "none" (used for access to
 #     password-less accounts when "PermitEmptyPasswords" is enabled), "password" and "publickey".
 #
 #
 PubkeyAuthentication yes
 #RSAAuthentication yes
 #
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 HostbasedAuthentication no
 # Change to yes if you don't trust ~/.ssh/known_hosts for
 # HostbasedAuthentication
 #IgnoreUserKnownHosts no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 IgnoreRhosts yes
 #RhostsRSAAuthentication no
 #
 # To disable tunneled clear text passwords, change both to no here!
 #   (after create ssh-key in clients and after adding client's pub-key into this server)
 PasswordAuthentication yes
 PermitEmptyPasswords no
 #
 # Change to yes to enable challenge-response passwords (beware issues with
 # some PAM modules and threads)
 ChallengeResponseAuthentication no
 #
 # Kerberos options
 KerberosAuthentication no
 #KerberosOrLocalPasswd yes
 #KerberosTicketCleanup yes
 #KerberosGetAFSToken no
 #
 # GSSAPI options
 GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
 #GSSAPIStrictAcceptorCheck yes
 #GSSAPIKeyExchange no
 #
 # Set "UsePAM" to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
 # be allowed through the ChallengeResponseAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
 # PAM authentication via ChallengeResponseAuthentication may bypass
 # the setting of "PermitRootLogin without-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 # UsePAM   :   Enables the Pluggable Authentication Module interface . If set to yes this will enable
 #   PAM authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition to PAM
 #   account and session module processing for all authentication types . Because PAM challenge-response
 #   authentication usually serves an equivalent role to password authentication, you should disable either
 #   PasswordAuthentication or ChallengeResponseAuthentication . If UsePAM is enabled, you will not be able
 #   to run sshd(8) as a non-root user.  The default is no.
 UsePAM yes
 #
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
 #X11Forwarding yes
 X11Forwarding no
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes
 PrintMotd no
 #PrintLastLog yes
 #ClientAliveInterval 0
 ClientAliveInterval 30
 #ClientAliveCountMax 3
 ClientAliveCountMax 1
 #TCPKeepAlive yes
 TCPKeepAlive yes
 #PermitUserEnvironment no
 #UsePrivilegeSeparation yes
 Compression delayed
 #UseDNS no
 # UseDNS  :  Specifies whether sshd(8) should look up the remote host name, and to check that the resolved
 #    host name for the remote IP address maps back to the very same IP address . If this option is set to
 #    no (the default) then only addresses and not host names may be used in ~/.ssh/authorized_keys from
 #    and sshd_config Match Host directives.
 UseDNS yes
 #PidFile /var/run/sshd.pid
 #MaxStartups 10:30:100
 #PermitTunnel no
 #ChrootDirectory none
 #VersionAddendum none
 #
 # no default banner path
 Banner none
 #
 FingerprintHash SHA256
 # MaxSessions  :  Specifies the maximum number of open shell, login or subsystem (e.g. sftp) sessions
 #   permitted per network connection.  Multiple sessions may be established by clients that support
 #   connection multiplexing.
 #   Setting MaxSessions to 1 will effectively disable session multiplexing, whereas setting it to 0 will
 #   prevent all shell, login and subsystem sessions while still permitting forwarding.  The default is 10.
 #
 # Allow client to pass locale environment variables
 AcceptEnv LANG LC_*
 #
 # override default of no subsystems
 Subsystem	sftp	/usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
 #
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 #	X11Forwarding no
 #	AllowTcpForwarding no
 #	PermitTTY no
 #	ForceCommand cvs server
 #
 #
 # Match (keywords:User|Group|Host|LocalAddress|LocalPort|RDomain|Address|All) pattern
 #  Under a Match block only these keywords are allowed to override above global settings:
 #   AcceptEnv, AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding, AllowTcpForwarding, AllowUsers,
 #   AuthenticationMethods, AuthorizedKeysCommand, AuthorizedKeysCommandUser, AuthorizedKeysFile,
 #   AuthorizedPrincipalsCommand, AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile, Banner,
 #   ChrootDirectory, ClientAliveCountMax, ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand,
 #   GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes, HostbasedAuthentication,
 #   HostbasedUsesNameFromPacketOnly, IPQoS, KbdInteractiveAuthentication, KerberosAuthentication, LogLevel,
 #   MaxAuthTries, MaxSessions, PasswordAuthentication, PermitEmptyPasswords, PermitListen, PermitOpen,
 #   PermitRootLogin, PermitTTY, PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, PubkeyAuthentication,
 #   RekeyLimit, RevokedKeys, RDomain, SetEnv, StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys,
 #   X11DisplayOffset, X11Forwarding and X11UseLocalHost.
 #
 #
 # From Debian-1 computer
 Match Address DEB1.PC.IPv4.ADRS
    #ClientAliveInterval 0
    ClientAliveInterval 30
    #ClientAliveCountMax 3
    ClientAliveCountMax 1
    PubkeyAuthentication yes
    PubkeyAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected]
    HostbasedAuthentication yes
    HostbasedAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected]
    PasswordAuthentication no
    PermitRootLogin yes
    MaxAuthTries 10
 #
 #
 # From Debian-2 computer
 Match Address DEB2.PC.IPv4.ADRS
    #ClientAliveInterval 0
    ClientAliveInterval 30
    #ClientAliveCountMax 3
    ClientAliveCountMax 1
    PubkeyAuthentication yes
    PubkeyAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected]
    HostbasedAuthentication yes
    HostbasedAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected]
    PasswordAuthentication no
    PermitRootLogin yes
    MaxAuthTries 10
 #
 #
 # For macOS clients/computers, keep "ssh-rsa" included:
 Match Address AtErikLoc1.IPv4.ADRS,AtErikLoc2.IPv4.ADRS User root
    #ClientAliveInterval 0
    ClientAliveInterval 18
    #ClientAliveCountMax 3
    ClientAliveCountMax 2
    PubkeyAuthentication yes
    PubkeyAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected]
    #PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected]
    #PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],ssh-ed25519,[email protected]
    HostbasedAuthentication yes
    HostbasedAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected]
    #HostbasedAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected]
    #HostbasedAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],ssh-ed25519,[email protected]
    PasswordAuthentication no
    PermitRootLogin yes
    MaxAuthTries 10
 #
 #
 Match Address AtErikLoc1.IPv4.ADRS,AtErikLoc2.IPv4.ADRS User erik
    #ClientAliveInterval 0
    ClientAliveInterval 18
    #ClientAliveCountMax 3
    ClientAliveCountMax 2
    PubkeyAuthentication yes
    PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected]
    #PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],ssh-ed25519,[email protected]
    HostbasedAuthentication no
    HostbasedAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected]
    #HostbasedAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],ssh-ed25519,[email protected]
    PasswordAuthentication no
    PermitRootLogin no
    MaxAuthTries 10
 #
 #
	# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
	#
	# This is the sshd server system-wide configuration file. See
	# sshd_config(5) for more information.
	#
	# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
	#
	# The strategy used for options in the default sshd_config shipped with
	# OpenSSH is to specify options with their default value where
	# possible, but leave them commented. Uncommented options override the
	# default value.
	#
	#
	# Lines begins with the "#" symbol are comments/notes.
	#
	#
	# in SRVR3 (Server-3) "srvr3.example.com" Server:
	#
	Port 5022
	AddressFamily any
	#ListenAddress 0.0.0.0
	#ListenAddress ::
	ListenAddress SRVR3.IPv4.ADRS
	#ListenAddress SRVR3:IPv6:ADRS1
	#ListenAddress SRVR3:IPv6:ADRS2
	#
	# PermitTunnel : Specifies whether tun(4) device forwarding is allowed. The argument must be yes,
	# point-to-point (layer 3), ethernet (layer 2), or no . Specifying yes permits both point-to-point and
	# ethernet. The default is no . Independent of this setting, the permissions of the selected tun(4) device
	# must allow access to the user.
	#
	Protocol 2
	#
	#ServerKeyBits 16384
	#
	# List of Private/Secret Keys : (the key with ".pub" at-end is public-key)
	HostKey /etc/ssh/ssh_host_rsa_key_SRVR3
	##HostKey /etc/ssh/ssh_host_ecdsa_key
	#HostKey /etc/ssh/ssh_host_ed25519_key_SRVR3
	#
	# Ciphers and keying
	#RekeyLimit default none
	RekeyLimit 100M 1h
	#
	# Logging
	SyslogFacility AUTH
	LogLevel INFO
	#
	# Authentication:
	#
	KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256
	#KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,[email protected],curve25519-sha256
	#KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
	#
	Ciphers [email protected],aes256-ctr
	#Ciphers [email protected],aes256-ctr,[email protected]
	#
	MACs [email protected],hmac-sha2-512,[email protected],hmac-sha2-256
	#
	# Authentication Extra:
	CASignatureAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa
	#CASignatureAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519
	HostKeyAlgorithms rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected]
	#HostKeyAlgorithms rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected],ssh-ed25519,[email protected]
	HostbasedAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected]
	#HostbasedAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected],ssh-ed25519,[email protected]
	PubkeyAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected]
	#PubkeyAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected],ssh-ed25519,[email protected]
	#
	#LoginGraceTime 2m
	# PermitRootLogin : Specifies whether root can log in using ssh(1).
	# The argument must be yes, prohibit-password, forced-commands-only, or no.
	# The default is prohibit-password . If this option is set to prohibit-password (or its deprecated alias,
	# without-password), password and keyboard-interactive authentication are disabled for root . If this
	# option is set to forced-commands-only, root login with public key authentication will be allowed, but
	# only if the command option has been specified (which may be useful for taking remote backups even if
	# root login is normally not allowed) . All other authentication methods are disabled for root . If this
	# option is set to no, root is not allowed to log in.
	#PermitRootLogin prohibit-password
	PermitRootLogin no
	#StrictModes yes
	#MaxAuthTries 6
	MaxAuthTries 4
	#MaxSessions 10
	#
	# Expect .ssh/authorized_keys2 to be disregarded by default in future.
	#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
	#
	# Add user's SSH-pub-keys in their $HOME/.ssh/authorized_keys file:
	AuthorizedKeysFile %h/.ssh/authorized_keys
	#
	#AuthorizedPrincipalsFile none
	#
	#AuthorizedKeysCommand none
	#AuthorizedKeysCommandUser nobody
	#
	# AuthenticationMethods : Specifies the authentication methods that must be successfully completed for a
	# user to be granted access. This option must be followed by one or more lists of comma-separated
	# authentication method names, or by the single string any to indicate the default behaviour of accepting
	# any single authentication method. If the default is overridden, then successful authentication requires
	# completion of every method in at least one of these lists.
	# For example, "publickey,password publickey,keyboard-interactive" would require the user to complete
	# public key authentication, followed by either password or keyboard interactive authentication. Only
	# methods that are next in one or more lists are offered at each stage, so for this example it would not
	# be possible to attempt password or keyboard-interactive authentication before public key.
	# For keyboard interactive authentication it is also possible to restrict authentication to a specific
	# device by appending a colon followed by the device identifier bsdauth or pam. depending on the server
	# configuration.
	# For example, "keyboard-interactive:bsdauth" would restrict keyboard interactive authentication to the
	# bsdauth device.
	# If the publickey method is listed more than once, sshd(8) verifies that keys that have been used
	# successfully are not reused for subsequent authentications. For example, "publickey,publickey"
	# requires successful authentication using two different public keys . Note that each authentication
	# method listed should also be explicitly enabled in the configuration . The available authentication
	# methods are: "gssapi-with-mic", "hostbased", "keyboard-interactive", "none" (used for access to
	# password-less accounts when "PermitEmptyPasswords" is enabled), "password" and "publickey".
	#
	#
	PubkeyAuthentication yes
	#RSAAuthentication yes
	#
	# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
	HostbasedAuthentication no
	# Change to yes if you don't trust ~/.ssh/known_hosts for
	# HostbasedAuthentication
	#IgnoreUserKnownHosts no
	# Don't read the user's ~/.rhosts and ~/.shosts files
	IgnoreRhosts yes
	#RhostsRSAAuthentication no
	#
	# To disable tunneled clear text passwords, change both to no here!
	# (after create ssh-key in clients and after adding client's pub-key into this server)
	PasswordAuthentication yes
	PermitEmptyPasswords no
	#
	# Change to yes to enable challenge-response passwords (beware issues with
	# some PAM modules and threads)
	ChallengeResponseAuthentication no
	#
	# Kerberos options
	KerberosAuthentication no
	#KerberosOrLocalPasswd yes
	#KerberosTicketCleanup yes
	#KerberosGetAFSToken no
	#
	# GSSAPI options
	GSSAPIAuthentication no
	#GSSAPICleanupCredentials yes
	#GSSAPIStrictAcceptorCheck yes
	#GSSAPIKeyExchange no
	#
	# Set "UsePAM" to 'yes' to enable PAM authentication, account processing,
	# and session processing. If this is enabled, PAM authentication will
	# be allowed through the ChallengeResponseAuthentication and
	# PasswordAuthentication. Depending on your PAM configuration,
	# PAM authentication via ChallengeResponseAuthentication may bypass
	# the setting of "PermitRootLogin without-password".
	# If you just want the PAM account and session checks to run without
	# PAM authentication, then enable this but set PasswordAuthentication
	# and ChallengeResponseAuthentication to 'no'.
	# UsePAM : Enables the Pluggable Authentication Module interface . If set to yes this will enable
	# PAM authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition to PAM
	# account and session module processing for all authentication types . Because PAM challenge-response
	# authentication usually serves an equivalent role to password authentication, you should disable either
	# PasswordAuthentication or ChallengeResponseAuthentication . If UsePAM is enabled, you will not be able
	# to run sshd(8) as a non-root user. The default is no.
	UsePAM yes
	#
	#AllowAgentForwarding yes
	#AllowTcpForwarding yes
	#GatewayPorts no
	#X11Forwarding yes
	X11Forwarding no
	#X11DisplayOffset 10
	#X11UseLocalhost yes
	#PermitTTY yes
	PrintMotd no
	#PrintLastLog yes
	#ClientAliveInterval 0
	ClientAliveInterval 30
	#ClientAliveCountMax 3
	ClientAliveCountMax 1
	#TCPKeepAlive yes
	TCPKeepAlive yes
	#PermitUserEnvironment no
	#UsePrivilegeSeparation yes
	Compression delayed
	#UseDNS no
	# UseDNS : Specifies whether sshd(8) should look up the remote host name, and to check that the resolved
	# host name for the remote IP address maps back to the very same IP address . If this option is set to
	# no (the default) then only addresses and not host names may be used in ~/.ssh/authorized_keys from
	# and sshd_config Match Host directives.
	UseDNS yes
	#PidFile /var/run/sshd.pid
	#MaxStartups 10:30:100
	#PermitTunnel no
	#ChrootDirectory none
	#VersionAddendum none
	#
	# no default banner path
	Banner none
	#
	FingerprintHash SHA256
	# MaxSessions : Specifies the maximum number of open shell, login or subsystem (e.g. sftp) sessions
	# permitted per network connection. Multiple sessions may be established by clients that support
	# connection multiplexing.
	# Setting MaxSessions to 1 will effectively disable session multiplexing, whereas setting it to 0 will
	# prevent all shell, login and subsystem sessions while still permitting forwarding. The default is 10.
	#
	# Allow client to pass locale environment variables
	AcceptEnv LANG LC_*
	#
	# override default of no subsystems
	Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
	#
	# Example of overriding settings on a per-user basis
	#Match User anoncvs
	# X11Forwarding no
	# AllowTcpForwarding no
	# PermitTTY no
	# ForceCommand cvs server
	#
	#
	# Match (keywords:User\|Group\|Host\|LocalAddress\|LocalPort\|RDomain\|Address\|All) pattern
	# Under a Match block only these keywords are allowed to override above global settings:
	# AcceptEnv, AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding, AllowTcpForwarding, AllowUsers,
	# AuthenticationMethods, AuthorizedKeysCommand, AuthorizedKeysCommandUser, AuthorizedKeysFile,
	# AuthorizedPrincipalsCommand, AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile, Banner,
	# ChrootDirectory, ClientAliveCountMax, ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand,
	# GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes, HostbasedAuthentication,
	# HostbasedUsesNameFromPacketOnly, IPQoS, KbdInteractiveAuthentication, KerberosAuthentication, LogLevel,
	# MaxAuthTries, MaxSessions, PasswordAuthentication, PermitEmptyPasswords, PermitListen, PermitOpen,
	# PermitRootLogin, PermitTTY, PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, PubkeyAuthentication,
	# RekeyLimit, RevokedKeys, RDomain, SetEnv, StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys,
	# X11DisplayOffset, X11Forwarding and X11UseLocalHost.
	#
	#
	# From Debian-1 computer
	Match Address DEB1.PC.IPv4.ADRS
	#ClientAliveInterval 0
	ClientAliveInterval 30
	#ClientAliveCountMax 3
	ClientAliveCountMax 1
	PubkeyAuthentication yes
	PubkeyAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected]
	HostbasedAuthentication yes
	HostbasedAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected]
	PasswordAuthentication no
	PermitRootLogin yes
	MaxAuthTries 10
	#
	#
	# From Debian-2 computer
	Match Address DEB2.PC.IPv4.ADRS
	#ClientAliveInterval 0
	ClientAliveInterval 30
	#ClientAliveCountMax 3
	ClientAliveCountMax 1
	PubkeyAuthentication yes
	PubkeyAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected]
	HostbasedAuthentication yes
	HostbasedAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected]
	PasswordAuthentication no
	PermitRootLogin yes
	MaxAuthTries 10
	#
	#
	# For macOS clients/computers, keep "ssh-rsa" included:
	Match Address AtErikLoc1.IPv4.ADRS,AtErikLoc2.IPv4.ADRS User root
	#ClientAliveInterval 0
	ClientAliveInterval 18
	#ClientAliveCountMax 3
	ClientAliveCountMax 2
	PubkeyAuthentication yes
	PubkeyAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected]
	#PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected]
	#PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],ssh-ed25519,[email protected]
	HostbasedAuthentication yes
	HostbasedAcceptedKeyTypes rsa-sha2-512,[email protected],rsa-sha2-256,[email protected],ssh-rsa,[email protected]
	#HostbasedAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected]
	#HostbasedAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],ssh-ed25519,[email protected]
	PasswordAuthentication no
	PermitRootLogin yes
	MaxAuthTries 10
	#
	#
	Match Address AtErikLoc1.IPv4.ADRS,AtErikLoc2.IPv4.ADRS User erik
	#ClientAliveInterval 0
	ClientAliveInterval 18
	#ClientAliveCountMax 3
	ClientAliveCountMax 2
	PubkeyAuthentication yes
	PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected]
	#PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],ssh-ed25519,[email protected]
	HostbasedAuthentication no
	HostbasedAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected]
	#HostbasedAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],ssh-ed25519,[email protected]
	PasswordAuthentication no
	PermitRootLogin no
	MaxAuthTries 10
	#
	#