{"id":5833,"date":"2022-07-12T00:42:15","date_gmt":"2022-07-12T00:42:15","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=5833"},"modified":"2024-03-13T23:09:11","modified_gmt":"2024-03-13T23:09:11","slug":"open-ssh-config-on-a-windows-box","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/open-ssh-config-on-a-windows-box","title":{"rendered":"Open SSH Config on a Windows Box"},"content":{"rendered":"\n
# This is the sshd server system-wide configuration file.  See\r\n# sshd_config(5) for more information.\r\n\r\n# The strategy used for options in the default sshd_config shipped with\r\n# OpenSSH is to specify options with their default value where\r\n# possible, but leave them commented.  Uncommented options override the\r\n# default value.\r\n\r\n#Port 22\r\n#AddressFamily any\r\n#ListenAddress 0.0.0.0\r\n#ListenAddress ::\r\n\r\n#HostKey __PROGRAMDATA__\/ssh\/ssh_host_rsa_key\r\n#HostKey __PROGRAMDATA__\/ssh\/ssh_host_dsa_key\r\n#HostKey __PROGRAMDATA__\/ssh\/ssh_host_ecdsa_key\r\n#HostKey __PROGRAMDATA__\/ssh\/ssh_host_ed25519_key\r\n\r\n# Ciphers and keying\r\n#RekeyLimit default none\r\n\r\n# Logging\r\n#SyslogFacility AUTH\r\n#LogLevel INFO\r\n\r\n# Authentication:\r\n\r\n#LoginGraceTime 2m\r\n#PermitRootLogin prohibit-password\r\n#StrictModes yes\r\n#MaxAuthTries 6\r\n#MaxSessions 10\r\n\r\n#PubkeyAuthentication yes\r\n\r\n# The default is to check both .ssh\/authorized_keys and .ssh\/authorized_keys2\r\n# but this is overridden so installations will only check .ssh\/authorized_keys\r\nAuthorizedKeysFile\t.ssh\/authorized_keys\r\n\r\n#AuthorizedPrincipalsFile none\r\n\r\n# For this to work you will also need host keys in %programData%\/ssh\/ssh_known_hosts\r\n#HostbasedAuthentication no\r\n# Change to yes if you don't trust ~\/.ssh\/known_hosts for\r\n# HostbasedAuthentication\r\n#IgnoreUserKnownHosts no\r\n# Don't read the user's ~\/.rhosts and ~\/.shosts files\r\n#IgnoreRhosts yes\r\n\r\n# To disable tunneled clear text passwords, change to no here!\r\n#PasswordAuthentication yes\r\n#PermitEmptyPasswords no\r\n\r\n# GSSAPI options\r\n#GSSAPIAuthentication no\r\n\r\n#AllowAgentForwarding yes\r\n#AllowTcpForwarding yes\r\n#GatewayPorts no\r\n#PermitTTY yes\r\n#PrintMotd yes\r\n#PrintLastLog yes\r\n#TCPKeepAlive yes\r\n#UseLogin no\r\n#PermitUserEnvironment no\r\n#ClientAliveInterval 0\r\n#ClientAliveCountMax 3\r\n#UseDNS no\r\n#PidFile \/var\/run\/sshd.pid\r\n#MaxStartups 10:30:100\r\n#PermitTunnel no\r\n#ChrootDirectory none\r\n#VersionAddendum none\r\n\r\n# no default banner path\r\n#Banner none\r\n\r\n# override default of no subsystems\r\n#Subsystem\tsftp\tsftp-server.exe\r\n#Subsystem\tsftp\tsftp-server.exe -d E:\\SFTP\\\r\n\r\n#Locldown commands\r\n\r\nSubsystem\tsftp\tinternal-sftp\r\n\r\nAllowUsers domain\\user \r\n\r\n#case sensitive make sure User is lowercase\r\nMatch User atlasarteria\\user\r\nChrootDirectory E:\\SFTP\\\r\n\r\n# Disable tunneling, authentication agent, TCP and X11 forwarding.\r\n# Below parameters are recommended as best practice to prevent certain security bypassing\r\nPermitTunnel no\r\nAllowAgentForwarding no\r\nAllowTcpForwarding no\r\nX11Forwarding no\r\nGatewayPorts no\r\n\r\n\r\nMatch Group administrators\r\n       AuthorizedKeysFile __PROGRAMDATA__\/ssh\/administrators_authorized_keys<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[3832,3699],"class_list":["post-5833","post","type-post","status-publish","format-standard","hentry","category-research","tag-openssh","tag-sftp"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t