From 6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb Mon Sep 17 00:00:00 2001
From: Cullum Smith <cullum@sacredheartsc.com>
Date: Tue, 24 Sep 2024 22:35:45 -0400
Subject: finish up idm_server hostclass

---
 files/usr/local/etc/ssh/sshd_config.freebsd | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 files/usr/local/etc/ssh/sshd_config.freebsd

(limited to 'files/usr/local/etc/ssh/sshd_config.freebsd')

diff --git a/files/usr/local/etc/ssh/sshd_config.freebsd b/files/usr/local/etc/ssh/sshd_config.freebsd
new file mode 100644
index 0000000..df46af6
--- /dev/null
+++ b/files/usr/local/etc/ssh/sshd_config.freebsd
@@ -0,0 +1,16 @@
+Include /etc/ssh/sshd_config.d/*.conf
+
+PermitRootLogin prohibit-password
+AuthorizedKeysFile .ssh/authorized_keys
+AuthorizedKeysCommand /usr/local/libexec/idm-ssh-authorized-keys %u
+AuthorizedKeysCommandUser ${ssh_authzkeys_user}
+
+KbdInteractiveAuthentication no
+PasswordAuthentication yes
+
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+UsePAM yes
+UseDNS no
+
+Subsystem	sftp	/usr/local/libexec/sftp-server
-- 
cgit v1.2.3