88 lines
3.8 KiB
YAML
88 lines
3.8 KiB
YAML
# The IP addresses(s) the SSH server will listen on. Use a comma separated list for multiple addresses.
|
|
# Leave as "all" for all addresses.
|
|
ListenAddress: all
|
|
# The port the SSH server will listen on. Note that anything *below* 1024 will require you to run
|
|
# the whole minecraft server with elevated privileges (NOT RECOMMENDED).
|
|
Port: 1025
|
|
|
|
# Operational mode. Don't touch if you don't know what you're doing. Can be either DEFAULT or RPC
|
|
Mode: DEFAULT
|
|
|
|
# Enable built-in SFTP server or not. You'll be able to connect and upload/download files via SFTP protocol.
|
|
# Might be useful for testing purposes as well , i. e. docker containers.
|
|
EnableSFTP: true
|
|
|
|
# Number of times a person can fail to use an SSH key or enter a password
|
|
# before it terminates the connection.
|
|
LoginRetries: 3
|
|
|
|
########################################################################################
|
|
# By default, only public key authentication is enabled. This is the most secure mode.
|
|
# To authorize a user to login with their public key, install their key using the
|
|
# OpenSSH authorized_keys file format in the authorized_users directory. Name the key
|
|
# file with the user's username and no extension. Note: If you want to let a user have
|
|
# many keys, you can append the keys to their file in authorized_users.
|
|
########################################################################################
|
|
|
|
# For less secure username and password based authentication, complete the sections below.
|
|
|
|
# Type of hashing to use for the passwords below.
|
|
# Options are: PLAIN (insecure), bcrypt, pbkdf2, sha256
|
|
#
|
|
# You can use the console/in-game command `/mkpasswd [hash] PASSWORD` to
|
|
# generate a password hash string then copy it for your passwords below.
|
|
# You can also use `/mkpasswd help` to see what algorithms are supported.
|
|
PasswordType: bcrypt
|
|
|
|
# Associate each username with a password hash (or the password if the PasswordType is set to PLAIN)
|
|
Credentials:
|
|
# The defaults for any user who does not have a specific section.
|
|
# Specific user permissions override the $default pseudo-user.
|
|
$default:
|
|
# Whether they can read or write to the console
|
|
console: RW
|
|
# SFTP access for anyone.
|
|
sftp:
|
|
# Whether sftp is allowed at all.
|
|
enabled: true
|
|
# Whether to allow or deny by default
|
|
default: allow
|
|
# specific rules for directories
|
|
rules:
|
|
# Deny the SSHD config folder by default as an example.
|
|
"*SSHD/*":
|
|
readable: false
|
|
writeable: false
|
|
|
|
# Username (should match SSH key if using key-based authentication)
|
|
justasic:
|
|
# Password hash from /mkpasswd command
|
|
password: $2a$10$Oqk83FrypRrMF35EDeoQDuidJOQEWBE0joEQ7MJFi/Oeg26wQ3fm2
|
|
# Whether they can read, write, or have read/write permissions to console.
|
|
console: RW
|
|
# SFTP access for this user.
|
|
sftp:
|
|
# Whether SFTP is enabled for this user.
|
|
enabled: true
|
|
# Whether to deny access by default or allow access by default
|
|
default: allow
|
|
# Rules regarding their SFTP access.
|
|
# These rules are relative to the server root.
|
|
# This acts as a chroot for the server root.
|
|
# Each path can be an absolute path or a regular expression.
|
|
rules:
|
|
"/path/to/file":
|
|
# Whether the user can read the file over SFTP
|
|
readable: true
|
|
# Whether the user can write/modify the file over SFTP
|
|
writeable: true
|
|
"/path/to/regex/*":
|
|
readable: true
|
|
writeable: false
|
|
"/path/to/directory/":
|
|
readable: false
|
|
writeable: true
|
|
"/another/example/path":
|
|
readable: false
|
|
writeable: false
|