maybe chmod 0644 'config-archive/etc/bash/bashrc.1'
maybe chmod 0644 'config-archive/etc/bash/bashrc.2'
maybe chmod 0644 'config-archive/etc/bash/bashrc.3'
+maybe chmod 0644 'config-archive/etc/bash/bashrc.4'
maybe chmod 0755 'config-archive/etc/bash/bashrc.d'
maybe chmod 0644 'config-archive/etc/bash/bashrc.d/bash_completion.sh'
maybe chmod 0644 'config-archive/etc/bash/bashrc.d/bash_completion.sh.dist.new'
maybe chmod 0600 'config-archive/etc/ssh/sshd_config.3'
maybe chmod 0600 'config-archive/etc/ssh/sshd_config.4'
maybe chmod 0600 'config-archive/etc/ssh/sshd_config.5'
+maybe chmod 0600 'config-archive/etc/ssh/sshd_config.6'
maybe chmod 0600 'config-archive/etc/ssh/sshd_config.dist'
maybe chmod 0755 'config-archive/etc/ssl'
maybe chmod 0755 'config-archive/etc/ssl/certs'
# past this point for scp and rcp, and it's important to refrain from
# outputting anything in those cases.
if [[ $- != *i* ]] ; then
- # Shell is non-interactive. Be done now!
- return
+ # Shell is non-interactive. Be done now!
+ return
fi
# Bash won't get SIGWINCH if another process is in the foreground.
# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11)
shopt -s checkwinsize
-# Enable history appending instead of overwriting. #139609
+# Disable completion when the input buffer is empty. i.e. Hitting tab
+# and waiting a long time for bash to expand all of $PATH.
+shopt -s no_empty_cmd_completion
+
+# Enable history appending instead of overwriting when exiting. #139609
shopt -s histappend
+# Save each command to the history file as it's executed. #517342
+# This does mean sessions get interleaved when reading later on, but this
+# way the history is always up to date. History is not synced across live
+# sessions though; that is what `history -n` does.
+# Disabled by default due to concerns related to system recovery when $HOME
+# is under duress, or lives somewhere flaky (like NFS). Constantly syncing
+# the history will halt the shell prompt until it's finished.
+PROMPT_COMMAND='history -a'
+
# Change the window title of X terminals
case ${TERM} in
xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*)
- PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
+ PROMPT_COMMAND='history -a; echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
;;
screen*)
- PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
+ PROMPT_COMMAND='history -a; echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
;;
esac
export LESSCOLOR=yes
export LESSCHARSET="utf-8"
-# Change the window title of X terminals
-case $TERM in
- xterm*|rxvt|Eterm|eterm)
- PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/$HOME/~}\007"'
- ;;
- screen)
- PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/$HOME/~}\033\\"'
- ;;
-esac
-
if [ -f /usr/share/mc/mc.gentoo ]; then
. /usr/share/mc/mc.gentoo
fi
-#if [ -f /etc/profile.d/bash-completion ]; then
-# . /etc/profile.d/bash-completion
-#fi
+for sh in /etc/bash/bashrc.d/* ; do
+ [[ -r ${sh} ]] && source "${sh}"
+done
if type -t __git_ps1 >/dev/null ; then
if ${use_color} ; then
fi
fi
+if [[ -d "$HOME/lib" ]] ; then
+ if [[ -d "$HOME/lib/perl" ]] ; then
+ if [[ -z "${PERL5LIB}" ]] ; then
+ export PERL5LIB="$HOME/lib/perl"
+ else
+ export PERL5LIB="$HOME/lib/perl:${PERL5LIB}"
+ fi
+ fi
+ if [[ -d "$HOME/lib/python" ]] ; then
+ if [[ -z "${PYTHONPATH}" ]] ; then
+ export PYTHONPATH="$HOME/lib/python"
+ else
+ export PYTHONPATH="$HOME/lib/python:${PYTHONPATH}"
+ fi
+ fi
+fi
# Try to keep environment pollution down, EPA loves us.
-unset use_color safe_term match_lhs
+unset use_color safe_term match_lhs sh
# vim: ts=4 expandtab
# Change the window title of X terminals
case ${TERM} in
- xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix)
+ xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*)
PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
;;
screen*)
# . /etc/profile.d/bash-completion
#fi
-if [ -e /etc/bash_completion.d/git -o "${HOME}"/.bash_completion.d/git ] ; then
- #echo "/etc/bash_completion.d/git or ${HOME}/.bash_completion.d/git exists ..."
+if type -t __git_ps1 >/dev/null ; then
if ${use_color} ; then
if [ "$UID" = 0 ]; then
PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]'
# Change the window title of X terminals
case ${TERM} in
- xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix)
- PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
- ;;
- screen)
- PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
- ;;
+ xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix)
+ PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
+ ;;
+ screen*)
+ PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
+ ;;
esac
use_color=false
[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
[[ -z ${match_lhs} ]] \
- && type -P dircolors >/dev/null \
- && match_lhs=$(dircolors --print-database)
+ && type -P dircolors >/dev/null \
+ && match_lhs=$(dircolors --print-database)
[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true
if ${use_color} ; then
alias ls='ls --color=auto'
alias grep='grep --colour=auto'
+ alias egrep='egrep --colour=auto'
+ alias fgrep='fgrep --colour=auto'
else
if [[ ${EUID} == 0 ]] ; then
# show root@ when we don't have colors
else
alias ll="ls -l"
fi
+alias l="ls -l"
alias la="ls -la"
alias md=mkdir
alias rd=rmdir
if [ -d /usr/scripts ] ; then
- PATH=/usr/scripts:$PATH
- export PATH
+ PATH=/usr/scripts:$PATH
+ export PATH
fi
if [ -d $HOME/bin ] ; then
- PATH=$PATH:$HOME/bin
- export PATH
+ PATH=$PATH:$HOME/bin
+ export PATH
fi
if [ -d $HOME/lib ] ; then
- PERL5LIB=$HOME/lib
- export PERL5LIB
+ PERL5LIB=$HOME/lib
+ export PERL5LIB
fi
# Test for an interactive shell. There is no need to set anything
# past this point for scp and rcp, and it's important to refrain from
# outputting anything in those cases.
if [[ $- != *i* ]] ; then
- # Shell is non-interactive. Be done now!
- return
+ # Shell is non-interactive. Be done now!
+ return
fi
# Bash won't get SIGWINCH if another process is in the foreground.
# Change the window title of X terminals
case ${TERM} in
- xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix)
- PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
- ;;
- screen)
- PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
- ;;
+ xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix)
+ PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
+ ;;
+ screen)
+ PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
+ ;;
esac
use_color=false
[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
[[ -z ${match_lhs} ]] \
- && type -P dircolors >/dev/null \
- && match_lhs=$(dircolors --print-database)
+ && type -P dircolors >/dev/null \
+ && match_lhs=$(dircolors --print-database)
[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true
if ${use_color} ; then
HISTCONTROL=ignoreboth
-HISTSIZE=5000
-HISTFILESIZE=5000
+HISTSIZE=50000
+HISTFILESIZE=50000
HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S '
export LESSCOLOR=yes
+export LESSCHARSET="utf-8"
# Change the window title of X terminals
case $TERM in
. /usr/share/mc/mc.gentoo
fi
-if [ -f /etc/profile.d/bash-completion ]; then
- . /etc/profile.d/bash-completion
+#if [ -f /etc/profile.d/bash-completion ]; then
+# . /etc/profile.d/bash-completion
+#fi
+
+if [ -e /etc/bash_completion.d/git -o "${HOME}"/.bash_completion.d/git ] ; then
+ #echo "/etc/bash_completion.d/git or ${HOME}/.bash_completion.d/git exists ..."
+ if ${use_color} ; then
+ if [ "$UID" = 0 ]; then
+ PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]'
+ else
+ PS1='$? \[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] > \[\033[00m\]'
+ fi
+ else
+ if [ "$UID" = 0 ]; then
+ PS1='$? \h:\w$(__git_ps1) \$ '
+ else
+ PS1='$? \u@\h:\w$(__git_ps1) > '
+ fi
+ fi
fi
# Try to keep environment pollution down, EPA loves us.
unset use_color safe_term match_lhs
+
+# vim: ts=4 expandtab
--- /dev/null
+# /etc/bash/bashrc
+#
+# This file is sourced by all *interactive* bash shells on startup,
+# including some apparently interactive shells such as scp and rcp
+# that can't tolerate any output. So make sure this doesn't display
+# anything or bad things will happen !
+
+
+if [ -d /usr/scripts ] ; then
+ PATH=/usr/scripts:$PATH
+ export PATH
+fi
+
+if [ -d $HOME/bin ] ; then
+ PATH=$PATH:$HOME/bin
+ export PATH
+fi
+
+if [ -d $HOME/lib ] ; then
+ PERL5LIB=$HOME/lib
+ export PERL5LIB
+fi
+
+# Test for an interactive shell. There is no need to set anything
+# past this point for scp and rcp, and it's important to refrain from
+# outputting anything in those cases.
+if [[ $- != *i* ]] ; then
+ # Shell is non-interactive. Be done now!
+ return
+fi
+
+# Bash won't get SIGWINCH if another process is in the foreground.
+# Enable checkwinsize so that bash will check the terminal size when
+# it regains control. #65623
+# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11)
+shopt -s checkwinsize
+
+# Enable history appending instead of overwriting. #139609
+shopt -s histappend
+
+# Change the window title of X terminals
+case ${TERM} in
+ xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix)
+ PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
+ ;;
+ screen)
+ PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
+ ;;
+esac
+
+use_color=false
+
+# Set colorful PS1 only on colorful terminals.
+# dircolors --print-database uses its own built-in database
+# instead of using /etc/DIR_COLORS. Try to use the external file
+# first to take advantage of user additions. Use internal bash
+# globbing instead of external grep binary.
+safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM
+match_lhs=""
+[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
+[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
+[[ -z ${match_lhs} ]] \
+ && type -P dircolors >/dev/null \
+ && match_lhs=$(dircolors --print-database)
+[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true
+
+if ${use_color} ; then
+ # Enable colors for ls, etc. Prefer ~/.dir_colors #64489
+ if type -P dircolors >/dev/null ; then
+ if [[ -f ~/.dir_colors ]] ; then
+ eval $(dircolors -b ~/.dir_colors)
+ elif [[ -f /etc/DIR_COLORS ]] ; then
+ eval $(dircolors -b /etc/DIR_COLORS)
+ fi
+ fi
+
+ if [[ ${EUID} == 0 ]] ; then
+ #PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] '
+ PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w \$ \[\033[00m\]'
+ #PS1='$? \[\033[01;31m\]Gentoo (chroot)\[\033[01;30m\]:\[\033[01;34m\]\w \$ \[\033[00m\]'
+ else
+ #PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '
+ PS1='$? \[\033[01;32m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w > \[\033[00m\]'
+ fi
+
+ alias ls='ls --color=auto'
+ alias grep='grep --colour=auto'
+else
+ if [[ ${EUID} == 0 ]] ; then
+ # show root@ when we don't have colors
+ PS1='\u@\h \W \$ '
+ else
+ PS1='\u@\h \w \$ '
+ fi
+fi
+
+if [[ ${EUID} == 0 ]] ; then
+ alias ll="ls -lA"
+else
+ alias ll="ls -l"
+fi
+alias la="ls -la"
+alias md=mkdir
+alias rd=rmdir
+alias ..='cd ..'
+alias ...='cd ../..'
+alias cd..='cd ..'
+alias cd...='cd ../..'
+alias pl="ps -fu $USER"
+grep='grep --colour=auto'
+alias cpwd='cd `realpath .`'
+
+lcd() {
+ cd $( perl -e '
+use strict;
+use Cwd;
+my $new = shift;
+my $cwd = Cwd::abs_path(getcwd());
+my $newa = $cwd;
+if ($new){
+ $newa = Cwd::abs_path($new);
+ $newa = $cwd unless $newa;
+};
+printf("%s\n", $newa);
+' $1 )
+}
+
+
+HISTCONTROL=ignoreboth
+HISTSIZE=5000
+HISTFILESIZE=5000
+HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S '
+
+export LESSCOLOR=yes
+
+# Change the window title of X terminals
+case $TERM in
+ xterm*|rxvt|Eterm|eterm)
+ PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/$HOME/~}\007"'
+ ;;
+ screen)
+ PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/$HOME/~}\033\\"'
+ ;;
+esac
+
+if [ -f /usr/share/mc/mc.gentoo ]; then
+ . /usr/share/mc/mc.gentoo
+fi
+
+if [ -f /etc/profile.d/bash-completion ]; then
+ . /etc/profile.d/bash-completion
+fi
+
+
+
+# Try to keep environment pollution down, EPA loves us.
+unset use_color safe_term match_lhs
# Change the window title of X terminals
case ${TERM} in
- xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*)
+ [aEkx]term*|rxvt*|gnome*|konsole*|interix)
PS1='\[\033]0;\u@\h:\w\007\]'
;;
screen*)
;;
esac
-use_color=false
-
# Set colorful PS1 only on colorful terminals.
# dircolors --print-database uses its own built-in database
# instead of using /etc/DIR_COLORS. Try to use the external file
-# first to take advantage of user additions. Use internal bash
-# globbing instead of external grep binary.
-safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM
-match_lhs=""
-[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
-[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
-[[ -z ${match_lhs} ]] \
- && type -P dircolors >/dev/null \
- && match_lhs=$(dircolors --print-database)
-[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true
-
-if ${use_color} ; then
+# first to take advantage of user additions.
+# We run dircolors directly due to its changes in file syntax and
+# terminal name patching.
+use_color=false
+if type -P dircolors >/dev/null ; then
# Enable colors for ls, etc. Prefer ~/.dir_colors #64489
- if type -P dircolors >/dev/null ; then
- if [[ -f ~/.dir_colors ]] ; then
- eval $(dircolors -b ~/.dir_colors)
- elif [[ -f /etc/DIR_COLORS ]] ; then
- eval $(dircolors -b /etc/DIR_COLORS)
- fi
+ LS_COLORS=
+ if [[ -f ~/.dir_colors ]] ; then
+ eval "$(dircolors -b ~/.dir_colors)"
+ elif [[ -f /etc/DIR_COLORS ]] ; then
+ eval "$(dircolors -b /etc/DIR_COLORS)"
+ else
+ eval "$(dircolors -b)"
fi
+ # Note: We always evaluate the LS_COLORS setting even when it's the
+ # default. If it isn't set, then `ls` will only colorize by default
+ # based on file attributes and ignore extensions (even the compiled
+ # in defaults of dircolors). #583814
+ if [[ -n ${LS_COLORS:+set} ]] ; then
+ use_color=true
+ else
+ # Delete it if it's empty as it's useless in that case.
+ unset LS_COLORS
+ fi
+else
+ # Some systems (e.g. BSD & embedded) don't typically come with
+ # dircolors so we need to hardcode some terminals in here.
+ case ${TERM} in
+ [aEkx]term*|rxvt*|gnome*|konsole*|screen|cons25|*color) use_color=true;;
+ esac
+fi
+if ${use_color} ; then
if [[ ${EUID} == 0 ]] ; then
PS1+='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] '
else
done
# Try to keep environment pollution down, EPA loves us.
-unset use_color safe_term match_lhs sh
+unset use_color sh
-# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
+# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
PrintLastLog no
#TCPKeepAlive yes
#UseLogin no
-UsePrivilegeSeparation sandbox # Default for new installations.
+#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
# override default of no subsystems
Subsystem sftp /usr/lib64/misc/sftp-server
-# the following are HPN related configuration options
-# tcp receive buffer polling. disable in non autotuning kernels
-#TcpRcvBufPoll yes
-
-# disable hpn performance boosts
-#HPNDisabled no
-
-# buffer size for hpn to non-hpn connections
-#HPNBufferSize 2048
-
-
-# allow the use of the none cipher
-#NoneEnabled no
-
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
-# $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $
+# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
#LoginGraceTime 2m
#PermitRootLogin no
+#PermitRootLogin prohibit-password
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
-# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
+# $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# Authentication:
#LoginGraceTime 2m
-#PermitRootLogin yes
+#PermitRootLogin no
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
-ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
-#UseDNS yes
-#PidFile /var/run/sshd.pid
+#UseDNS no
+#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
-# $OpenBSD$
+# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
-# "key type names" for X.509 certificates with RSA key
-# Note first defined is used in signature operations!
-#X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
-#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
-
-# "key type names" for X.509 certificates with DSA key
-# Note first defined is used in signature operations!
-#X509KeyAlgorithm x509v3-sign-dss,dss-asn1
-#X509KeyAlgorithm x509v3-sign-dss,dss-raw
-
-# The intended use for the X509 client certificate. Without this option
-# no chain verification will be done. Currently accepted uses are case
-# insensitive:
-# - "sslclient", "SSL client", "SSL_client" or "client"
-# - "any", "Any Purpose", "Any_Purpose" or "AnyPurpose"
-# - "skip" or ""(empty): don`t check purpose.
-#AllowedCertPurpose sslclient
-
-# Specifies whether self-issued(self-signed) X.509 certificate can be
-# allowed only by entry in AutorizedKeysFile that contain matching
-# public key or certificate blob.
-#KeyAllowSelfIssued no
-
-# Specifies whether CRL must present in store for all certificates in
-# certificate chain with atribute "cRLDistributionPoints"
-#MandatoryCRL no
-
-# A file with multiple certificates of certificate signers
-# in PEM format concatenated together.
-#CACertificateFile /etc/ssh/ca/ca-bundle.crt
-
-# A directory with certificates of certificate signers.
-# The certificates should have name of the form: [HASH].[NUMBER]
-# or have symbolic links to them of this form.
-#CACertificatePath /etc/ssh/ca/crt
-
-# A file with multiple CRL of certificate signers
-# in PEM format concatenated together.
-#CARevocationFile /etc/ssh/ca/ca-bundle.crl
-
-# A directory with CRL of certificate signers.
-# The CRL should have name of the form: [HASH].r[NUMBER]
-# or have symbolic links to them of this form.
-#CARevocationPath /etc/ssh/ca/crl
-
-# LDAP protocol version.
-# Example:
-# CAldapVersion 2
-
-# Note because of OpenSSH options parser limitation
-# use %3D instead of = !
-# LDAP initialization may require URL to be escaped, i.e.
-# use %2C instead of ,(comma). Escaped URL don't depend from
-# LDAP initialization method.
-# Example:
-# CAldapURL ldap://localhost:389/dc%3Dexample%2Cdc%3Dcom
-
-# SSH can use "Online Certificate Status Protocol"(OCSP)
-# to validate certificate. Set VAType to
-# - none : do not use OCSP to validate certificates;
-# - ocspcert: validate only certificates that specify `OCSP
-# Service Locator' URL;
-# - ocspspec: use specified in the configuration 'OCSP Responder'
-# to validate all certificates.
-#VAType none
-
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# no default banner path
#Banner none
+# here are the new patched ldap related tokens
+# entries in your LDAP must have posixAccount & ldapPublicKey objectclass
+#UseLPK yes
+#LpkLdapConf /etc/ldap.conf
+#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/
+#LpkUserDN ou=users,dc=phear,dc=org
+#LpkGroupDN ou=groups,dc=phear,dc=org
+#LpkBindDN cn=Manager,dc=phear,dc=org
+#LpkBindPw secret
+#LpkServerGroup mail
+#LpkFilter (hostAccess=master.phear.org)
+#LpkForceTLS no
+#LpkSearchTimelimit 3
+#LpkBindTimelimit 3
+#LpkPubKeyAttr sshPublicKey
+
# override default of no subsystems
Subsystem sftp /usr/lib64/misc/sftp-server
# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes
-
+
# disable hpn performance boosts
#HPNDisabled no
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
# "key type names" for X.509 certificates with RSA key
# Note first defined is used in signature operations!
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
+#PermitTTY yes
PrintMotd no
PrintLastLog no
#TCPKeepAlive yes
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
+# PermitTTY no
# ForceCommand cvs server
# Allow client to pass locale environment variables #367017
# "key type names" for X.509 certificates with RSA key
# Note first defined is used in signature operations!
-#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
#X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
+#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
# "key type names" for X.509 certificates with DSA key
# Note first defined is used in signature operations!
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
+# Ciphers and keying
+#RekeyLimit default none
+
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
-#LogLevel DEBUG
# Authentication:
# but this is overridden so installations will only check .ssh/authorized_keys
#AuthorizedKeysFile .ssh/authorized_keys
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
PrintLastLog no
#TCPKeepAlive yes
#UseLogin no
-#UsePrivilegeSeparation yes
+UsePrivilegeSeparation sandbox # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
-#MaxStartups 10
+#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
+#VersionAddendum none
# no default banner path
#Banner none
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
# override default of no subsystems
Subsystem sftp /usr/lib64/misc/sftp-server
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes
-# allow the use of the none cipher
-#NoneEnabled no
-
-# disable hpn performance boosts.
+# disable hpn performance boosts
#HPNDisabled no
# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048
+# allow the use of the none cipher
+#NoneEnabled no
+
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
+
+# Allow client to pass locale environment variables #367017
+AcceptEnv LANG LC_*
--- /dev/null
+# $OpenBSD$
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+
+# "key type names" for X.509 certificates with RSA key
+# Note first defined is used in signature operations!
+#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
+#X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
+
+# "key type names" for X.509 certificates with DSA key
+# Note first defined is used in signature operations!
+#X509KeyAlgorithm x509v3-sign-dss,dss-asn1
+#X509KeyAlgorithm x509v3-sign-dss,dss-raw
+
+# The intended use for the X509 client certificate. Without this option
+# no chain verification will be done. Currently accepted uses are case
+# insensitive:
+# - "sslclient", "SSL client", "SSL_client" or "client"
+# - "any", "Any Purpose", "Any_Purpose" or "AnyPurpose"
+# - "skip" or ""(empty): don`t check purpose.
+#AllowedCertPurpose sslclient
+
+# Specifies whether self-issued(self-signed) X.509 certificate can be
+# allowed only by entry in AutorizedKeysFile that contain matching
+# public key or certificate blob.
+#KeyAllowSelfIssued no
+
+# Specifies whether CRL must present in store for all certificates in
+# certificate chain with atribute "cRLDistributionPoints"
+#MandatoryCRL no
+
+# A file with multiple certificates of certificate signers
+# in PEM format concatenated together.
+#CACertificateFile /etc/ssh/ca/ca-bundle.crt
+
+# A directory with certificates of certificate signers.
+# The certificates should have name of the form: [HASH].[NUMBER]
+# or have symbolic links to them of this form.
+#CACertificatePath /etc/ssh/ca/crt
+
+# A file with multiple CRL of certificate signers
+# in PEM format concatenated together.
+#CARevocationFile /etc/ssh/ca/ca-bundle.crl
+
+# A directory with CRL of certificate signers.
+# The CRL should have name of the form: [HASH].r[NUMBER]
+# or have symbolic links to them of this form.
+#CARevocationPath /etc/ssh/ca/crl
+
+# LDAP protocol version.
+# Example:
+# CAldapVersion 2
+
+# Note because of OpenSSH options parser limitation
+# use %3D instead of = !
+# LDAP initialization may require URL to be escaped, i.e.
+# use %2C instead of ,(comma). Escaped URL don't depend from
+# LDAP initialization method.
+# Example:
+# CAldapURL ldap://localhost:389/dc%3Dexample%2Cdc%3Dcom
+
+# SSH can use "Online Certificate Status Protocol"(OCSP)
+# to validate certificate. Set VAType to
+# - none : do not use OCSP to validate certificates;
+# - ocspcert: validate only certificates that specify `OCSP
+# Service Locator' URL;
+# - ocspspec: use specified in the configuration 'OCSP Responder'
+# to validate all certificates.
+#VAType none
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+#LogLevel DEBUG
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+#AuthorizedKeysFile .ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+PrintMotd no
+PrintLastLog no
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+#ChrootDirectory none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib64/misc/sftp-server
+
+# the following are HPN related configuration options
+# tcp receive buffer polling. disable in non autotuning kernels
+#TcpRcvBufPoll yes
+
+# allow the use of the none cipher
+#NoneEnabled no
+
+# disable hpn performance boosts.
+#HPNDisabled no
+
+# buffer size for hpn to non-hpn connections
+#HPNBufferSize 2048
+
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
-# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
+# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
#RekeyLimit default none
# Logging
-# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# override default of no subsystems
Subsystem sftp /usr/lib64/misc/sftp-server
+# the following are HPN related configuration options
+# tcp receive buffer polling. disable in non autotuning kernels
+#TcpRcvBufPoll yes
+
+# disable hpn performance boosts
+#HPNDisabled no
+
+# buffer size for hpn to non-hpn connections
+#HPNBufferSize 2048
+
+
+# allow the use of the none cipher
+#NoneEnabled no
+
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
-# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
+# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
#RekeyLimit default none
# Logging
-# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# override default of no subsystems
Subsystem sftp /usr/lib64/misc/sftp-server
+# the following are HPN related configuration options
+# tcp receive buffer polling. disable in non autotuning kernels
+#TcpRcvBufPoll yes
+
+# disable hpn performance boosts
+#HPNDisabled no
+
+# buffer size for hpn to non-hpn connections
+#HPNBufferSize 2048
+
+
+# allow the use of the none cipher
+#NoneEnabled no
+
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
projects / config / helga / etc.git / commitdiff