[P] Reading node descriptor [P] Starting compiler [P] Compiling node config [P] Loading module [service/ssh] [P] Loading handlers [P] apt:keys -> keys [P] apt:sources -> sources [P] apt:install -> packages [P] apt:purge -> packages [P] apt:remove -> packages [P] trigger:pre -> /etc/ssh/sshd_config [P] trigger:pre -> /etc/hostname [P] files:mkdir -> /root/.ssh [P] files:components -> /etc/metaconfig/res/service/ssh [P] files:output -> output [P] trigger:post -> /etc/ssh/sshd_config [P] trigger:post -> /etc/hostname [P] trigger:execute -> execute [*] Would change file [/etc/ssh/ssh_config]: - -# This is the ssh client system-wide configuration file. See -# ssh_config(5) for more information. This file provides defaults for -# users, and the values can be changed in per-user configuration files -# or on the command line. - -# Configuration data is parsed as follows: -# 1. command line options -# 2. user-specific file -# 3. system-wide file -# Any configuration value is only changed the first time it is set. -# Thus, host-specific definitions should be at the beginning of the -# configuration file, and defaults at the end. - -# Site-wide defaults for some commonly used options. For a comprehensive -# list of available options, their meanings and defaults, please see the -# ssh_config(5) man page. +## ------------------------------------------ +## Generated by MetaConfig +## +## THIS FILE IS AUTOMATICALLY GENERATED. +## DO NOT EDIT. ALL CHANGES WILL BE LOST. 
+## ------------------------------------------ Host * -# ForwardAgent no -# ForwardX11 no -# ForwardX11Trusted yes -# RhostsRSAAuthentication no -# RSAAuthentication yes -# PasswordAuthentication yes -# HostbasedAuthentication no -# GSSAPIAuthentication no -# GSSAPIDelegateCredentials no -# GSSAPIKeyExchange no -# GSSAPITrustDNS no -# BatchMode no -# CheckHostIP yes -# AddressFamily any -# ConnectTimeout 0 -# StrictHostKeyChecking ask -# IdentityFile ~/.ssh/identity -# IdentityFile ~/.ssh/id_rsa -# IdentityFile ~/.ssh/id_dsa -# Port 22 -# Protocol 2,1 -# Cipher 3des -# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc -# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 -# EscapeChar ~ -# Tunnel no -# TunnelDevice any:any -# PermitLocalCommand no - SendEnv LANG LC_* - HashKnownHosts yes - GSSAPIAuthentication yes - GSSAPIDelegateCredentials no + Protocol 2 + SendEnv LANG LC_* SOZ_PROFILES + HashKnownHosts yes + +Host zeus.sikkerhed.org athena.sikkerhed.org ares.sikkerhed.org hera.sikkerhed.org + ForwardAgent yes + +Host build32.sikkerhed.org build64.sikkerhed.org + ForwardAgent yes + User software + +Host boreas.sikkerhed.org + Port 22037 + +Host fs0.office.filmgear.dk + Port 22050 +Host monitor0.office.filmgear.dk + Port 22060 + +Host fs0.office.christmastree.dk + Port 22050 +Host fs1.office.christmastree.dk + Port 22051 + +Host fs0.office.fdim.dk + Port 22050 + +Host mmc.mobilenation.dk + ForwardAgent yes + [*] Would change file [/etc/ssh/sshd_config]: -# Package generated configuration file -# See the sshd(8) manpage for details - -# What ports, IPs and protocols we listen for +## ------------------------------------------ +## Generated by MetaConfig +## +## THIS FILE IS AUTOMATICALLY GENERATED. +## DO NOT EDIT. ALL CHANGES WILL BE LOST. 
+## ------------------------------------------ Port 22 -# Use these options to restrict which interfaces/protocols sshd will bind to -#ListenAddress :: -#ListenAddress 0.0.0.0 Protocol 2 -# HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key -#Privilege Separation is turned on for security + +UsePAM yes UsePrivilegeSeparation yes +PermitRootLogin without-password +StrictModes yes +MaxStartups 10:30:60 +LoginGraceTime 120 +TCPKeepAlive yes -# Lifetime and size of ephemeral version 1 server key -KeyRegenerationInterval 3600 -ServerKeyBits 768 +Subsystem sftp /usr/lib/openssh/sftp-server -# Logging SyslogFacility AUTH LogLevel INFO -# Authentication: -LoginGraceTime 120 -PermitRootLogin yes -StrictModes yes - -RSAAuthentication yes -PubkeyAuthentication yes -#AuthorizedKeysFile %h/.ssh/authorized_keys +PrintMotd no +PrintLastLog yes +AcceptEnv LANG EDITOR LC_* SOZ_PROFILES -# Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes -# For this to work you will also need host keys in /etc/ssh_known_hosts +ChallengeResponseAuthentication no +PermitEmptyPasswords no +PasswordAuthentication yes RhostsRSAAuthentication no -# similar for protocol version 2 HostbasedAuthentication no -# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication -#IgnoreUserKnownHosts yes -# To enable empty passwords, change to yes (NOT RECOMMENDED) -PermitEmptyPasswords no - -# Change to yes to enable challenge-response passwords (beware issues with -# some PAM modules and threads) -ChallengeResponseAuthentication no - -# Change to no to disable tunnelled clear text passwords -#PasswordAuthentication yes - -# Kerberos options -#KerberosAuthentication no -#KerberosGetAFSToken no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes +PubkeyAuthentication yes +GatewayPorts clientspecified X11Forwarding yes X11DisplayOffset 10 -PrintMotd no 
-PrintLastLog yes -TCPKeepAlive yes -#UseLogin no - -#MaxStartups 10:30:60 -#Banner /etc/issue.net - -# Allow client to pass locale environment variables -AcceptEnv LANG LC_* - -Subsystem sftp /usr/lib/openssh/sftp-server - -UsePAM yes [*] Would have run trigger ["invoke-rc.d", "ssh", "restart"] with mask [/etc/ssh/sshd_config] for files [/etc/ssh/sshd_config] [*] Plan finished
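Review bot: in the /etc/ssh/ssh_config change, the new Host blocks for zeus/athena/ares/hera, build32/build64 and mmc.mobilenation.dk set `ForwardAgent yes` in the system-wide file. Every user on this node then forwards their agent to those hosts by default, and anyone with root there can use the forwarded keys while the session is open. Consider leaving agent forwarding out of the generated system-wide file and letting the users who need it enable it per host in their own configuration. Also, `Host *` is emitted before the host-specific blocks; the header comment this change removes states that a value is only changed the first time it is set, so the per-host `Port`, `User` and `ForwardAgent` lines only take effect as long as `Host *` never sets those keys. Emitting `Host *` last would remove that dependency. Finally, `SendEnv LANG LC_* SOZ_PROFILES` under `Host *` sends SOZ_PROFILES to every server users connect to, not only the hosts listed here; scope it to the hosts that accept it if its value is not meant to leave the site.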
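Review bot: in the /etc/ssh/sshd_config change, the added `GatewayPorts clientspecified` lets any authenticated client bind remote port forwards to non-loopback addresses, and nothing else in the generated file limits which accounts may do so. If only particular users need it, keep the global default and enable it for them inside a `Match` block. The move from `PermitRootLogin yes` to `PermitRootLogin without-password` makes root key-only, but the now explicit `PasswordAuthentication yes` leaves every other account open to password guessing on `Port 22`; set it to `no` if keys are deployed for those accounts as well. `AcceptEnv` gains `EDITOR`, which lets the client choose the program that tools honouring that variable will launch; drop it unless something depends on it. `HostKey /etc/ssh/ssh_host_dsa_key` is carried over unchanged and could be dropped in a follow-up.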