sshd_config revision 126009
1# $OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $ 2# $FreeBSD: head/crypto/openssh/sshd_config 126009 2004-02-19 15:53:31Z des $ 3 4# This is the sshd server system-wide configuration file. See 5# sshd_config(5) for more information. 6 7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 8 9# The strategy used for options in the default sshd_config shipped with 10# OpenSSH is to specify options with their default value where 11# possible, but leave them commented. Uncommented options change a 12# default value. 13 14# Note that some of FreeBSD's defaults differ from OpenBSD's, and 15# FreeBSD has a few additional options. 16 17#VersionAddendum FreeBSD-20040106 18 19#Port 22 20#Protocol 2,1 21#ListenAddress 0.0.0.0 22#ListenAddress :: 23 24# HostKey for protocol version 1 25#HostKey /etc/ssh/ssh_host_key 26# HostKeys for protocol version 2 27#HostKey /etc/ssh/ssh_host_dsa_key 28 29# Lifetime and size of ephemeral version 1 server key 30#KeyRegenerationInterval 1h 31#ServerKeyBits 768 32 33# Logging 34#obsoletes QuietMode and FascistLogging 35#SyslogFacility AUTH 36#LogLevel INFO 37 38# Authentication: 39 40#LoginGraceTime 2m 41#PermitRootLogin no 42#StrictModes yes 43 44#RSAAuthentication yes 45#PubkeyAuthentication yes 46#AuthorizedKeysFile .ssh/authorized_keys 47 48# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 49#RhostsRSAAuthentication no 50# similar for protocol version 2 51#HostbasedAuthentication no 52# Change to yes if you don't trust ~/.ssh/known_hosts for 53# RhostsRSAAuthentication and HostbasedAuthentication 54#IgnoreUserKnownHosts no 55# Don't read the user's ~/.rhosts and ~/.shosts files 56#IgnoreRhosts yes 57 58# Change to yes to enable built-in password authentication. 59#PasswordAuthentication no 60#PermitEmptyPasswords no 61 62# Change to no to disable PAM authentication 63#ChallengeResponseAuthentication yes 64 65# Kerberos options 66#KerberosAuthentication no 67#KerberosOrLocalPasswd yes 68#KerberosTicketCleanup yes 69 70# GSSAPI options 71#GSSAPIAuthentication no 72#GSSAPICleanupCreds yes 73 74# Set this to 'yes' to enable PAM authentication (via challenge-response) 75# and session processing. Depending on your PAM configuration, this may 76# bypass the setting of 'PasswordAuthentication' 77#UsePAM yes 78 79#AllowTcpForwarding yes 80#GatewayPorts no 81#X11Forwarding yes 82#X11DisplayOffset 10 83#X11UseLocalhost yes 84#PrintMotd yes 85#PrintLastLog yes 86#KeepAlive yes 87#UseLogin no 88#UsePrivilegeSeparation yes 89#PermitUserEnvironment no 90#Compression yes 91#ClientAliveInterval 0 92#ClientAliveCountMax 3 93#UseDNS yes 94#PidFile /var/run/sshd.pid 95#MaxStartups 10 96 97# no default banner path 98#Banner /some/path 99 100# override default of no subsystems 101Subsystem sftp /usr/libexec/sftp-server 102