Pastebin

[P] Reading node descriptor
[P] Starting compiler
[P] Compiling node config
[P] Loading module [service/ssh]
[P] Loading handlers
[P] apt:keys -> keys
[P] apt:sources -> sources
[P] apt:install -> packages
[P] apt:purge -> packages
[P] apt:remove -> packages
[P] trigger:pre -> /etc/ssh/sshd_config
[P] trigger:pre -> /etc/hostname
[P] files:mkdir -> /root/.ssh
[P] files:components -> /etc/metaconfig/res/service/ssh
[P] files:output -> output
[P] trigger:post -> /etc/ssh/sshd_config
[P] trigger:post -> /etc/hostname
[P] trigger:execute -> execute
[*] Would change file [/etc/ssh/ssh_config]:
    -
    -# This is the ssh client system-wide configuration file.  See
    -# ssh_config(5) for more information.  This file provides defaults for
    -# users, and the values can be changed in per-user configuration files
    -# or on the command line.
    -
    -# Configuration data is parsed as follows:
    -#  1. command line options
    -#  2. user-specific file
    -#  3. system-wide file
    -# Any configuration value is only changed the first time it is set.
    -# Thus, host-specific definitions should be at the beginning of the
    -# configuration file, and defaults at the end.
    -
    -# Site-wide defaults for some commonly used options.  For a comprehensive
    -# list of available options, their meanings and defaults, please see the
    -# ssh_config(5) man page.
    -
    +## ------------------------------------------
    +## Generated by MetaConfig
    +##
    +## THIS FILE IS AUTOMATICALLY GENERATED.
    +## DO NOT EDIT. ALL CHANGES WILL BE LOST.
    +## ------------------------------------------
     Host *
    -#   ForwardAgent no
    -#   ForwardX11 no
    -#   ForwardX11Trusted yes
    -#   RhostsRSAAuthentication no
    -#   RSAAuthentication yes
    -#   PasswordAuthentication yes
    -#   HostbasedAuthentication no
    -#   GSSAPIAuthentication no
    -#   GSSAPIDelegateCredentials no
    -#   GSSAPIKeyExchange no
    -#   GSSAPITrustDNS no
    -#   BatchMode no
    -#   CheckHostIP yes
    -#   AddressFamily any
    -#   ConnectTimeout 0
    -#   StrictHostKeyChecking ask
    -#   IdentityFile ~/.ssh/identity
    -#   IdentityFile ~/.ssh/id_rsa
    -#   IdentityFile ~/.ssh/id_dsa
    -#   Port 22
    -#   Protocol 2,1
    -#   Cipher 3des
    -#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    -#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
    -#   EscapeChar ~
    -#   Tunnel no
    -#   TunnelDevice any:any
    -#   PermitLocalCommand no
    -    SendEnv LANG LC_*
    -    HashKnownHosts yes
    -    GSSAPIAuthentication yes
    -    GSSAPIDelegateCredentials no
    +   Protocol 2
    +   SendEnv LANG LC_*
    +   HashKnownHosts yes
[*] Would change file [/etc/ssh/sshd_config]:
    -# Package generated configuration file
    -# See the sshd(8) manpage for details
    -
    -# What ports, IPs and protocols we listen for
    +## ------------------------------------------
    +## Generated by MetaConfig
    +##
    +## THIS FILE IS AUTOMATICALLY GENERATED.
    +## DO NOT EDIT. ALL CHANGES WILL BE LOST.
    +## ------------------------------------------
     Port 22
    -# Use these options to restrict which interfaces/protocols sshd will bind to
    -#ListenAddress ::
    -#ListenAddress 0.0.0.0
     Protocol 2
    -# HostKeys for protocol version 2
     HostKey /etc/ssh/ssh_host_rsa_key
     HostKey /etc/ssh/ssh_host_dsa_key
    -#Privilege Separation is turned on for security
    +
    +UsePAM yes
     UsePrivilegeSeparation yes
    +PermitRootLogin without-password
    +StrictModes yes
    +MaxStartups 10:30:60
    +LoginGraceTime 120
    +TCPKeepAlive yes
     
    -# Lifetime and size of ephemeral version 1 server key
    -KeyRegenerationInterval 3600
    -ServerKeyBits 768
    +Subsystem sftp /usr/lib/openssh/sftp-server
     
    -# Logging
     SyslogFacility AUTH
     LogLevel INFO
     
    -# Authentication:
    -LoginGraceTime 120
    -PermitRootLogin yes
    -StrictModes yes
    -
    -RSAAuthentication yes
    -PubkeyAuthentication yes
    -#AuthorizedKeysFile	%h/.ssh/authorized_keys
    +PrintMotd no
    +PrintLastLog yes
    +AcceptEnv LANG EDITOR LC_*
     
    -# Don't read the user's ~/.rhosts and ~/.shosts files
     IgnoreRhosts yes
    -# For this to work you will also need host keys in /etc/ssh_known_hosts
    +ChallengeResponseAuthentication no
    +PermitEmptyPasswords no
    +PasswordAuthentication yes
     RhostsRSAAuthentication no
    -# similar for protocol version 2
     HostbasedAuthentication no
    -# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    -#IgnoreUserKnownHosts yes
    -
    -# To enable empty passwords, change to yes (NOT RECOMMENDED)
    -PermitEmptyPasswords no
    -
    -# Change to yes to enable challenge-response passwords (beware issues with
    -# some PAM modules and threads)
    -ChallengeResponseAuthentication no
    -
    -# Change to no to disable tunnelled clear text passwords
    -#PasswordAuthentication yes
    -
    -# Kerberos options
    -#KerberosAuthentication no
    -#KerberosGetAFSToken no
    -#KerberosOrLocalPasswd yes
    -#KerberosTicketCleanup yes
    -
    -# GSSAPI options
    -#GSSAPIAuthentication no
    -#GSSAPICleanupCredentials yes
    +PubkeyAuthentication yes
     
    +GatewayPorts clientspecified
     X11Forwarding yes
     X11DisplayOffset 10
    -PrintMotd no
    -PrintLastLog yes
    -TCPKeepAlive yes
    -#UseLogin no
    -
    -#MaxStartups 10:30:60
    -#Banner /etc/issue.net
    -
    -# Allow client to pass locale environment variables
    -AcceptEnv LANG LC_*
    -
    -Subsystem sftp /usr/lib/openssh/sftp-server
    -
    -UsePAM yes
[*] Would have run trigger ["invoke-rc.d", "ssh", "restart"] with mask [/etc/ssh/sshd_config] for files [/etc/ssh/sshd_config]
[*] Plan finished