// Package beans declares static text assets as package-level string
// variables: an Ed25519 SSH key pair, an sshd_config template and a block of
// sysctl settings. How each value is consumed is not visible in this file.
package beans

// Ed25519PrivateKey is an OpenSSH-format Ed25519 private key embedded as a
// literal.
//
// SECURITY(review): the secret half of the key pair is hard-coded, so it is
// present in version control and in every binary built from this package.
// The encoded header names cipher "none" and KDF "none", i.e. no passphrase
// protects it. Treat this key as disclosed: anyone holding the source or a
// build can authenticate wherever the matching public key is trusted. Prefer
// generating a key per deployment or loading it from a secret store, and
// rotate this one — TODO confirm where the matching public key is installed.
var Ed25519PrivateKey = `-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW QyNTUxOQAAACDk8R4KXGgDa5H2r8HrqW1klShoSISV20sLiXZPZPfeLwAAAJCIan+LiGp/ iwAAAAtzc2gtZWQyNTUxOQAAACDk8R4KXGgDa5H2r8HrqW1klShoSISV20sLiXZPZPfeLw AAAEDhnul+q0TNTgrO9kfmGsFhtn/rGRIrmhFostjem/QlZuTxHgpcaANrkfavweupbWSV KGhIhJXbSwuJdk9k994vAAAADHdkZEBjbWlpLmNvbQE= -----END OPENSSH PRIVATE KEY----- `

// Ed25519PublicKey is an ssh-ed25519 public key line (key type, base64 blob
// and the comment "wdd@cmii.com"), the format used in authorized_keys files.
// The blob appears to be the public half of Ed25519PrivateKey — TODO confirm.
//
// NOTE(review): any host that trusts this key accepts logins from whoever
// holds the private key, which is embedded in this same source file.
var Ed25519PublicKey = `ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTxHgpcaANrkfavweupbWSVKGhIhJXbSwuJdk9k994v wdd@cmii.com `

// DefaultSshdConfig is an sshd_config(5) template based on the stock OpenSSH
// file, with most options left commented out. Active settings: listen on
// ports 22 and 22333 on 0.0.0.0 and ::, PermitEmptyPasswords no,
// ChallengeResponseAuthentication no, UsePAM yes, agent, TCP and X11
// forwarding enabled, and the sftp subsystem at /usr/lib/openssh/sftp-server.
// The trailing lines follow a commented-out Match example, so they apply
// globally: PasswordAuthentication yes, PermitRootLogin yes, StrictModes no,
// ClientAliveInterval 30 and ClientAliveCountMax 60 (an unresponsive client
// is dropped after roughly 30 minutes).
//
// SECURITY(review): password login for root on every interface and on two
// ports leaves the account open to password guessing, and StrictModes no
// turns off sshd's ownership and permission checks on the user's files and
// home directory before login. Hardened values to consider are
// PermitRootLogin prohibit-password, PasswordAuthentication no,
// StrictModes yes, and forwarding disabled unless a workflow needs it —
// confirm what the agent's operators rely on before changing the template.
var DefaultSshdConfig = ` # OCTOPUS AGENT DEFAULT SSHD CONFIG - WDD # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. #Include /etc/ssh/sshd_config.d/*.conf Port 22 Port 22333 AddressFamily any ListenAddress 0.0.0.0 ListenAddress :: #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none # Logging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #PubkeyAuthentication yes # Expect .ssh/authorized_keys2 to be disregarded by default in future. 
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 #AuthorizedPrincipalsFile none #AuthorizedKeysCommand none #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes #GSSAPIKeyExchange no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. 
UsePAM yes AllowAgentForwarding yes AllowTcpForwarding yes #GatewayPorts no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes PrintMotd no #PrintLastLog yes TCPKeepAlive yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none # no default banner path #Banner none # Allow client to pass locale environment variables AcceptEnv LANG LC_* # override default of no subsystems Subsystem sftp /usr/lib/openssh/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server PasswordAuthentication yes PermitRootLogin yes StrictModes no ClientAliveInterval 30 ClientAliveCountMax 60 `

// SysctlConfig is a block of kernel parameters in sysctl.conf syntax. It
// enables IPv4 forwarding (ip_forward and conf.*.forwarding), disables IPv6
// on the "all" and "default" interface entries, enables SYN cookies and sets
// assorted TCP tunables. The "#" comments inside the literal are in Chinese
// and are runtime text: the first three read "enable IPv4 route forwarding",
// "disable IPv6" and "enable IPv4 forwarding"; the rest repeat a single label
// ("enable IPv4 connection tracking") above unrelated TCP settings, so they
// do not describe the key beneath them.
//
// NOTE(review): net.ipv4.tcp_tw_recycle was removed in Linux 4.12 and was
// known to break clients behind NAT; net.ipv4.tcp_synflood_protect does not
// look like a mainline Linux sysctl — verify both, since unknown keys make
// sysctl report errors when the settings are applied. Forwarding turns the
// host into a router, so confirm firewall policy covers forwarded traffic.
// DefaultSshdConfig listens on "::" while IPv6 is disabled here — confirm
// sshd behaves as intended with that combination.
var SysctlConfig = ` # 开启 IPv4 路由转发 net.ipv4.ip_forward = 1 # 禁用 IPv6 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 # 开启 IPv4 转发 net.ipv4.conf.all.forwarding = 1 net.ipv4.conf.default.forwarding = 1 # 开启 IPv4 连接跟踪 net.ipv4.tcp_syncookies = 1 # 开启 IPv4 连接跟踪 net.ipv4.tcp_tw_recycle = 1 # 开启 IPv4 连接跟踪 net.ipv4.tcp_tw_reuse = 1 # 开启 IPv4 连接跟踪 net.ipv4.tcp_fin_timeout = 30 # 开启 IPv4 连接跟踪 net.ipv4.tcp_keepalive_time = 1200 # 开启 IPv4 连接跟踪 net.ipv4.ip_local_port_range = 1024 65535 # 开启 IPv4 连接跟踪 net.ipv4.tcp_max_syn_backlog = 8192 # 开启 IPv4 连接跟踪 net.ipv4.tcp_max_tw_buckets = 5000 # 开启 IPv4 连接跟踪 net.ipv4.tcp_max_orphans = 32768 # 开启 IPv4 连接跟踪 net.ipv4.tcp_synack_retries = 2 # 开启 IPv4 连接跟踪 net.ipv4.tcp_syn_retries = 2 # 开启 IPv4 连接跟踪 net.ipv4.tcp_synflood_protect = 1000 # 开启 IPv4 连接跟踪 net.ipv4.tcp_timestamps = 1 # 开启 IPv4 连接跟踪 net.ipv4.tcp_window_scaling = 1 # 开启 IPv4 连接跟踪 net.ipv4.tcp_rmem = 4096 87380 4194304 `