mirror of
https://github.com/CloudNebulaProject/refraction-forger.git
synced 2026-04-10 21:30:40 +00:00
48f8db1236
Standalone workspace with 4 crates for building optimized OS images and publishing to OCI registries: - spec-parser: KDL image spec parsing with include resolution and profile-based conditional filtering - forge-oci: OCI image creation (tar layers, manifests, Image Layout) and registry push via oci-client - forge-engine: Build pipeline with Phase 1 (rootfs assembly via native package managers with -R) and Phase 2 (QCOW2/OCI/artifact targets), plus dyn-compatible ToolRunner trait for external tool execution - forger: CLI binary with build, validate, inspect, push, and targets commands Ported KDL specs and overlay files from the vm-manager prototype. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
77 lines
No EOL
2.1 KiB
Text
77 lines
No EOL
2.1 KiB
Text
#
|
|
# Configuration file for sshd(1m) (see also sshd_config(4))
|
|
#
|
|
|
|
Protocol 2
|
|
Port 22
|
|
|
|
# If port forwarding is enabled (default), specify if the server can bind to
|
|
# INADDR_ANY.
|
|
# This allows the local port forwarding to work when connections are received
|
|
# from any remote host.
|
|
GatewayPorts no
|
|
|
|
# X11 tunneling options
|
|
X11Forwarding yes
|
|
X11DisplayOffset 10
|
|
X11UseLocalhost yes
|
|
|
|
# The maximum number of concurrent unauthenticated connections to sshd.
|
|
# start:rate:full see sshd(1) for more information.
|
|
# The default is 10 unauthenticated clients.
|
|
#MaxStartups 10:30:60
|
|
|
|
# Banner to be printed before authentication starts.
|
|
#Banner /etc/issue
|
|
|
|
# Should sshd print the /etc/motd file and check for mail.
|
|
# On Solaris it is assumed that the login shell will do these (eg /etc/profile).
|
|
PrintMotd no
|
|
|
|
# KeepAlive specifies whether keep alive messages are sent to the client.
|
|
# See sshd(1) for detailed description of what this means.
|
|
# Note that the client may also be sending keep alive messages to the server.
|
|
KeepAlive yes
|
|
|
|
# Syslog facility and level
|
|
SyslogFacility auth
|
|
LogLevel info
|
|
|
|
#
|
|
# Authentication configuration
|
|
#
|
|
|
|
# Host private key files
|
|
# Must be on a local disk and readable only by the root user (root:sys 600).
|
|
# HostKey /etc/ssh/ssh_host_rsa_key
|
|
# HostKey /etc/ssh/ssh_host_dsa_key
|
|
|
|
# Ensure secure permissions on users .ssh directory.
|
|
StrictModes yes
|
|
|
|
# Length of time in seconds before a client that hasn't completed
|
|
# authentication is disconnected.
|
|
# Default is 600 seconds. 0 means no time limit.
|
|
LoginGraceTime 600
|
|
|
|
# Maximum number of retries for authentication
|
|
MaxAuthTries 6
|
|
|
|
# Are logins to accounts with empty passwords allowed.
|
|
# If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK
|
|
# to pam_authenticate(3PAM).
|
|
PermitEmptyPasswords no
|
|
|
|
# To disable tunneled clear text passwords, change PasswordAuthentication to no.
|
|
# You probably also need to disable ChallengeResponseAuthentication.
|
|
PasswordAuthentication yes
|
|
|
|
# Change to no to disable s/key passwords
|
|
#ChallengeResponseAuthentication yes
|
|
|
|
PermitRootLogin without-password
|
|
|
|
# sftp subsystem
|
|
Subsystem sftp internal-sftp
|
|
|
|
IgnoreRhosts yes |