sshd_config
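# created using both https://wiki.mozilla.org/Security/Guidelines/OpenSSH and https://stribika.github.io/2015/01/04/secure-secure-shell.html
#
# Per-option notes below record which keywords newer OpenSSH releases have deprecated or removed.
# Validate any edit with `sshd -t` and keep an existing session open while restarting the daemon;
# an unknown keyword or algorithm name is a fatal parse error and sshd will refuse to start.

# Protocol 1 support was removed from sshd in OpenSSH 7.4; on those releases this keyword is
# accepted but ignored (with a "deprecated" warning). It only has an effect on older servers.
Protocol 2

# Supported HostKey algorithms by order of preference. DSA and ECDSA host keys are deliberately not listed.
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key

# Key exchange: curve25519 first. diffie-hellman-group-exchange-sha256 picks a group from
# /etc/ssh/moduli, so the small (< 2048-bit) groups must be removed from that file as well
# (the stribika post gives the one-liner); otherwise the exchange can still land on a weak group.
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

# Encrypt-then-MAC variants are listed first. hmac-ripemd160 (with and without -etm) was removed in
# OpenSSH 7.6 and an unknown name here is a fatal "Bad SSH2 mac spec" at startup, so it is not listed.
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

# Password based logins are disabled - only public key based logins are allowed.
# AuthenticationMethods is what enforces this; the three explicit lines after it are defence in
# depth so the intent survives a distro-supplied default file or a later Match block.
AuthenticationMethods publickey
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no

# LogLevel VERBOSE logs the user's key fingerprint on login. Needed to have a clear audit trail of which key was used to log in.
LogLevel VERBOSE

# Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
# internal-sftp is used instead of an absolute path to sftp-server because that path is distro
# specific (/usr/lib/ssh/sftp-server on Arch, /usr/lib/openssh/sftp-server on Debian/Ubuntu). A wrong
# path makes every sftp transfer fail with exit status 127 ("command not found") - the Ansible run
# appended to this gist, against an Ubuntu OpenSSH 7.2p2 host, looks like exactly that failure.
# internal-sftp accepts the same -f/-l logging options as the external binary.
Subsystem sftp internal-sftp -f AUTHPRIV -l INFO

# Root login is not allowed for auditing reasons. This is because it's difficult to track which process belongs to which root user:
#
# On Linux, user sessions are tracked using a kernel-side session id, however, this session id is not recorded by OpenSSH.
# Additionally, only tools such as systemd and auditd record the process session id.
# On other OSes, the user session id is not necessarily recorded at all kernel-side.
# Using regular users in combination with /bin/su or /usr/bin/sudo ensures a clear audit trail.
PermitRootLogin no

# Seconds a client may hold an unauthenticated connection open before it is dropped; 120 is the OpenSSH default.
LoginGraceTime 120

# Use kernel sandbox mechanisms where possible in unprivileged processes
# Systrace on OpenBSD, Seccomp on Linux, seatbelt on MacOSX/Darwin, rlimit elsewhere.
# Since OpenSSH 7.5 privilege separation with sandboxing is always on and this keyword only produces a
# "deprecated option" warning; it is kept for servers older than that.
UsePrivilegeSeparation sandbox

# UseRoaming is a client-side (ssh_config) option, removed after CVE-2016-0777; sshd has never
# understood it and would abort with "Bad configuration option", so it must stay commented out here.
# UseRoaming no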
ansible MY-IP -m ping -i inventory/my_inventory -vvvv
No config file found; using defaults
Loading callback plugin minimal of type stdout, v2.0 from /usr/local/lib/python2.7/dist-packages/ansible/plugins/callback/init.pyc
META: ran handlers
Using module file /usr/local/lib/python2.7/dist-packages/ansible/modules/system/ping.py
ESTABLISH SSH CONNECTION FOR USER: ubuntu
SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home//.ansible/cp/3375962204 MY-IP '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
(0, '/home/ubuntu\n', 'OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016\r\ndebug1: Reading configuration data /home//.ssh/config\r\ndebug1: /home//.ssh/config line 35: Applying options for MY-IP\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 11663\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
ESTABLISH SSH CONNECTION FOR USER: ubuntu
SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home//.ansible/cp/3375962204 MY-IP '/bin/sh -c '"'"'( umask 77 && mkdir -p "
echo /home/ubuntu/.ansible/tmp/ansible-tmp-1497803914.87-158075027821678" && echo ansible-tmp-1497803914.87-158075027821678="echo /home/ubuntu/.ansible/tmp/ansible-tmp-1497803914.87-158075027821678" ) && sleep 0'"'"''(0, 'ansible-tmp-1497803914.87-158075027821678=/home/ubuntu/.ansible/tmp/ansible-tmp-1497803914.87-158075027821678\n', 'OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016\r\ndebug1: Reading configuration data /home//.ssh/config\r\ndebug1: /home//.ssh/config line 35: Applying options for MY-IP\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 11663\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
PUT /tmp/tmpODK6LZ TO /home/ubuntu/.ansible/tmp/ansible-tmp-1497803914.87-158075027821678/ping.py
SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home//.ansible/cp/3375962204 '[MY-IP]'
(255, '', 'OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016\r\ndebug1: Reading configuration data /home//.ssh/config\r\ndebug1: /home//.ssh/config line 35: Applying options for MY-IP\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 11663\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 127\r\nConnection closed\r\n')
MY-IP | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016\r\ndebug1: Reading configuration data /home//.ssh/config\r\ndebug1: /home//.ssh/config line 35: Applying options for MY-IP\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 11663\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 127\r\nConnection closed\r\n",
"unreachable": true
}