From 2998949c858bf2189bd9cc5068f40f8936b7c671 Mon Sep 17 00:00:00 2001
From: Daniel Jakots <djakots@evolix.ca>
Date: Wed, 25 Oct 2017 16:20:04 -0400
Subject: [PATCH] =?UTF-8?q?rajout=20conf=20par=20d=C3=A9faut?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 HowtoSSH.md | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 71 insertions(+), 1 deletion(-)

diff --git a/HowtoSSH.md b/HowtoSSH.md
index 063f42c8..8d27b7e3 100644
--- a/HowtoSSH.md
+++ b/HowtoSSH.md
@@ -29,7 +29,77 @@ serveur dépend du choix qui a été fait lors de l'installation.
 
 ### Configuration minimale
 
-TODO
+La configuration de base qu'on utilise (les commentaires sont les
+options par défaut pouvant être changées).
+
+~~~
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile     %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+UsePAM yes
+
+AllowUsers johndoe janedoe alice bob
+Match Address 192.0.2.42
+    PasswordAuthentication yes
+Match User eve
+    PasswordAuthentication no
+
+~~~
 
 ### Log verbeux pour SFTP