sshd_config revision 126277
1126277Sdes#	$OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
299051Sdes#	$FreeBSD: head/crypto/openssh/sshd_config 126277 2004-02-26 10:52:33Z des $
357429Smarkm
498684Sdes# This is the sshd server system-wide configuration file.  See
598684Sdes# sshd_config(5) for more information.
676262Sgreen
798941Sdes# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
898941Sdes
992559Sdes# The strategy used for options in the default sshd_config shipped with
1092559Sdes# OpenSSH is to specify options with their default value where
1192559Sdes# possible, but leave them commented.  Uncommented options change a
1292559Sdes# default value.
1392559Sdes
1499051Sdes# Note that some of FreeBSD's defaults differ from OpenBSD's, and
1599051Sdes# FreeBSD has a few additional options.
1699051Sdes
17124211Sdes#VersionAddendum FreeBSD-20040106
1899051Sdes
1992559Sdes#Port 22
20126271Sdes#Protocol 2
2157429Smarkm#ListenAddress 0.0.0.0
2257429Smarkm#ListenAddress ::
2369591Sgreen
2492559Sdes# HostKey for protocol version 1
2592559Sdes#HostKey /etc/ssh/ssh_host_key
2692559Sdes# HostKeys for protocol version 2
2792559Sdes#HostKey /etc/ssh/ssh_host_dsa_key
2857429Smarkm
2992559Sdes# Lifetime and size of the ephemeral protocol version 1 server key
30124211Sdes#KeyRegenerationInterval 1h
3192559Sdes#ServerKeyBits 768
3292559Sdes
3357429Smarkm# Logging
3457429Smarkm#obsoletes QuietMode and FascistLogging
3592559Sdes#SyslogFacility AUTH
3692559Sdes#LogLevel INFO
3757429Smarkm
3892559Sdes# Authentication:
3992559Sdes
40124211Sdes#LoginGraceTime 2m
4199051Sdes#PermitRootLogin no
4292559Sdes#StrictModes yes
4392559Sdes
4492559Sdes#RSAAuthentication yes
4592559Sdes#PubkeyAuthentication yes
4692559Sdes#AuthorizedKeysFile	.ssh/authorized_keys
4792559Sdes
4892559Sdes# For RhostsRSAAuthentication to work you will also need host keys in /etc/ssh/ssh_known_hosts
4992559Sdes#RhostsRSAAuthentication no
5076262Sgreen# similar for protocol version 2
5192559Sdes#HostbasedAuthentication no
5292559Sdes# Change to yes if you don't trust ~/.ssh/known_hosts for
5392559Sdes# RhostsRSAAuthentication and HostbasedAuthentication
5492559Sdes#IgnoreUserKnownHosts no
55124211Sdes# Don't read the user's ~/.rhosts and ~/.shosts files
56124211Sdes#IgnoreRhosts yes
5757429Smarkm
58126009Sdes# Change to yes to enable built-in password authentication.
59126009Sdes#PasswordAuthentication no
6092559Sdes#PermitEmptyPasswords no
6176262Sgreen
6299315Sdes# Change to no to disable PAM authentication via challenge-response
6395456Sdes#ChallengeResponseAuthentication yes
6457429Smarkm
6592559Sdes# Kerberos options
6698684Sdes#KerberosAuthentication no
6757429Smarkm#KerberosOrLocalPasswd yes
6892559Sdes#KerberosTicketCleanup yes
69126277Sdes#KerberosGetAFSToken no
7057429Smarkm
71124211Sdes# GSSAPI options
72124211Sdes#GSSAPIAuthentication no
73126277Sdes#GSSAPICleanupCredentials yes
7457429Smarkm
75124211Sdes# Set this to 'yes' to enable PAM authentication (via challenge-response)
76124211Sdes# and session processing. Depending on your PAM configuration, PAM may
77126277Sdes# accept password or empty-password logins regardless of 'PasswordAuthentication' and 'PermitEmptyPasswords'.
78126277Sdes#UsePAM no
7992559Sdes
80124211Sdes#AllowTcpForwarding yes
81124211Sdes#GatewayPorts no
8299051Sdes#X11Forwarding yes
8392559Sdes#X11DisplayOffset 10
8492559Sdes#X11UseLocalhost yes
8592559Sdes#PrintMotd yes
8692559Sdes#PrintLastLog yes
87126277Sdes#TCPKeepAlive yes
8857429Smarkm#UseLogin no
8998941Sdes#UsePrivilegeSeparation yes
90106130Sdes#PermitUserEnvironment no
9198684Sdes#Compression yes
92124211Sdes#ClientAliveInterval 0
93124211Sdes#ClientAliveCountMax 3
94124211Sdes#UseDNS yes
95124211Sdes#PidFile /var/run/sshd.pid
96124211Sdes#MaxStartups 10
9765674Skris
9892559Sdes# no default banner path
9992559Sdes#Banner /some/path
10076262Sgreen
10192559Sdes# override default of no subsystems
10276262SgreenSubsystem	sftp	/usr/libexec/sftp-server
103