| HostKey /data/ssh/ssh_host_ed25519_key |
| |
| LogLevel ERROR |
| |
| # Zero or more authorized_keys files may be present under different scenarios: |
| # /data - authorized_keys are typically read from here when running on hardware, copied into minfs |
| # during the paving process. |
| # /boot - authorized_keys should only present be in bootfs when running Fuchsia in an emulator. |
| # /config/data/authorized_keys - This file is not expected to be present on standard builds, only |
| # on those that need to inject keys for special circumstances, such as when being tested |
| # from automated infrastructure. |
| # See go/fuchsia-ssh-for-testing for more informaton on that. |
| # |
| # These are combined since the sshd will only use the first AuthorizedKeysFile line. |
| AuthorizedKeysFile /data/ssh/authorized_keys /boot/data/ssh/authorized_keys /config/data/authorized_keys |
| |
| # Enable SSH using Certificate Authority-issued SSH credentials. These are not expected to be |
| # present in most builds, and products will add keys to this location in config-data to enable this |
| # feature. |
| TrustedUserCAKeys /config/data/ssh_ca_pub_keys |
| |
| # This is an opion specific to the Fuchsia fork which disables validation of the "valid_after" field |
| # of CA-signed ssh key certificates, so that ssh can be used when the current time has not been able |
| # to be synced with, and the system is using the backstop time. |
| IgnoreValidAfter yes |
| |
| # We disallow password authentication completely (it's unsupported irrespective of this |
| # configuration), so all auth is key-based. Bump the MaxAuthTries limit to accommodate users with |
| # many keys added to their SSH agent. |
| PasswordAuthentication no |
| MaxAuthTries 20 |
| MaxSessions 20 |
| |
| Protocol 2 |
| TCPKeepAlive yes |
| ClientAliveInterval 1 |
| ClientAliveCountMax 20 |
| |
| Subsystem sftp /pkg/bin/sftp-server |
| Subsystem sl4f /pkg/bin/sl4f-server |
| |
| AcceptEnv FFX_DAEMON_ABI_REVISION |