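This note covers the GitLab image from the official repository (built from Ubuntu 14).
Below are Ubuntu's default sshd configuration file and the GitLab image's sshd configuration file (blank lines and comments filtered out).

Ubuntu default sshd configuration: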
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes

GitLab image sshd configuration:
Port 22
Protocol 2
HostKey /home/git/data/ssh/ssh_host_rsa_key
HostKey /home/git/data/ssh/ssh_host_dsa_key
HostKey /home/git/data/ssh/ssh_host_ecdsa_key
HostKey /home/git/data/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation no
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel VERBOSE
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no
UseDNS no

Main differences:
# GitLab changed the key storage path and the verification method: /etc/ssh/ -> /home/git/data/ssh/
HostKey /home/git/data/ssh/ssh_host_rsa_key
HostKey /home/git/data/ssh/ssh_host_dsa_key
HostKey /home/git/data/ssh/ssh_host_ecdsa_key
HostKey /home/git/data/ssh/ssh_host_ed25519_key
# GitLab turns off privilege separation: yes -> no
UsePrivilegeSeparation no
# GitLab changed the log level: INFO -> VERBOSE
LogLevel VERBOSE
# GitLab disables password login: added
PasswordAuthentication no
# GitLab turns off PAM: yes -> no
UsePAM no
# GitLab added
UseDNS no
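
The comparison above can be reproduced mechanically. The following is an added example, not part of the original note or of the GitLab image: it parses two sshd_config texts the way sshd reads them (case-insensitive keywords, first value wins, a few keywords accumulate) and reports the directives that differ. The names `parse`, `diff`, `UBUNTU` and `GITLAB` are assumptions, and the two sample texts are excerpts constructed from the listings above.

```python
# Added example: directive-level diff of two sshd_config texts.
# Keywords that may appear several times and accumulate (not exhaustive).
MULTI = {"hostkey", "port", "listenaddress", "acceptenv", "subsystem"}

def parse(text):
    """Return {lowercased keyword: [values]} using sshd_config reading rules."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments carry no setting
        parts = line.split(None, 1)       # keyword and value separated by whitespace
        key = parts[0].lower()            # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key in MULTI:
            conf.setdefault(key, []).append(value)
        elif key not in conf:             # single-valued: the first occurrence wins
            conf[key] = [value]
    return conf

def diff(base, other):
    """Return sorted (keyword, base_values, other_values) for each differing directive.
    None means the file does not set the keyword, so sshd's built-in default applies."""
    a, b = parse(base), parse(other)
    return [(k, a.get(k), b.get(k))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)]

# Constructed excerpts of the two listings above.
UBUNTU = """\
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
LogLevel INFO
PermitRootLogin without-password
UsePAM yes
"""
GITLAB = """\
HostKey /home/git/data/ssh/ssh_host_rsa_key
HostKey /home/git/data/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation no
LogLevel VERBOSE
PermitRootLogin without-password
PasswordAuthentication no
UsePAM no
UseDNS no
"""

if __name__ == "__main__":
    for key, old, new in diff(UBUNTU, GITLAB):
        print(f"{key}: {old} -> {new}")
```

A directive reported with `None` on one side deserves a look at the sshd_config man page for the installed OpenSSH version, since the effective value there is the built-in default rather than anything in the file.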