sshd_config revision 137019
1137019Sdes# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $ 299051Sdes# $FreeBSD: head/crypto/openssh/sshd_config 137019 2004-10-28 16:11:31Z des $ 357429Smarkm 498684Sdes# This is the sshd server system-wide configuration file. See 598684Sdes# sshd_config(5) for more information. 676262Sgreen 798941Sdes# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 898941Sdes 992559Sdes# The strategy used for options in the default sshd_config shipped with 1092559Sdes# OpenSSH is to specify options with their default value where 1192559Sdes# possible, but leave them commented. Uncommented options change a 1292559Sdes# default value. 1392559Sdes 1499051Sdes# Note that some of FreeBSD's defaults differ from OpenBSD's, and 1599051Sdes# FreeBSD has a few additional options. 1699051Sdes 17137019Sdes#VersionAddendum FreeBSD-20041028 1899051Sdes 1992559Sdes#Port 22 20126271Sdes#Protocol 2 2157429Smarkm#ListenAddress 0.0.0.0 2257429Smarkm#ListenAddress :: 2369591Sgreen 2492559Sdes# HostKey for protocol version 1 2592559Sdes#HostKey /etc/ssh/ssh_host_key 2692559Sdes# HostKeys for protocol version 2 2792559Sdes#HostKey /etc/ssh/ssh_host_dsa_key 2857429Smarkm 2992559Sdes# Lifetime and size of ephemeral version 1 server key 30124211Sdes#KeyRegenerationInterval 1h 3192559Sdes#ServerKeyBits 768 3292559Sdes 3357429Smarkm# Logging 3457429Smarkm#obsoletes QuietMode and FascistLogging 3592559Sdes#SyslogFacility AUTH 3692559Sdes#LogLevel INFO 3757429Smarkm 3892559Sdes# Authentication: 3992559Sdes 40124211Sdes#LoginGraceTime 2m 4199051Sdes#PermitRootLogin no 4292559Sdes#StrictModes yes 43137019Sdes#MaxAuthTries 6 4492559Sdes 4592559Sdes#RSAAuthentication yes 4692559Sdes#PubkeyAuthentication yes 4792559Sdes#AuthorizedKeysFile .ssh/authorized_keys 4892559Sdes 4992559Sdes# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 5092559Sdes#RhostsRSAAuthentication no 5176262Sgreen# similar for protocol version 2 5292559Sdes#HostbasedAuthentication no 5392559Sdes# Change to yes if you don't trust ~/.ssh/known_hosts for 5492559Sdes# RhostsRSAAuthentication and HostbasedAuthentication 5592559Sdes#IgnoreUserKnownHosts no 56124211Sdes# Don't read the user's ~/.rhosts and ~/.shosts files 57124211Sdes#IgnoreRhosts yes 5857429Smarkm 59126009Sdes# Change to yes to enable built-in password authentication. 60126009Sdes#PasswordAuthentication no 6192559Sdes#PermitEmptyPasswords no 6276262Sgreen 6399315Sdes# Change to no to disable PAM authentication 6495456Sdes#ChallengeResponseAuthentication yes 6557429Smarkm 6692559Sdes# Kerberos options 6798684Sdes#KerberosAuthentication no 6857429Smarkm#KerberosOrLocalPasswd yes 6992559Sdes#KerberosTicketCleanup yes 70126277Sdes#KerberosGetAFSToken no 7157429Smarkm 72124211Sdes# GSSAPI options 73124211Sdes#GSSAPIAuthentication no 74126277Sdes#GSSAPICleanupCredentials yes 7557429Smarkm 76137019Sdes# Set this to 'no' to disable PAM authentication, account processing, 77137019Sdes# and session processing. If this is enabled, PAM authentication will 78137019Sdes# be allowed through the ChallengeResponseAuthentication mechanism. 79137019Sdes# Depending on your PAM configuration, this may bypass the setting of 80137019Sdes# PasswordAuthentication, PermitEmptyPasswords, and 81137019Sdes# "PermitRootLogin without-password". If you just want the PAM account and 82137019Sdes# session checks to run without PAM authentication, then enable this but set 83137019Sdes# ChallengeResponseAuthentication=no 84127033Sdes#UsePAM yes 8592559Sdes 86124211Sdes#AllowTcpForwarding yes 87124211Sdes#GatewayPorts no 8899051Sdes#X11Forwarding yes 8992559Sdes#X11DisplayOffset 10 9092559Sdes#X11UseLocalhost yes 9192559Sdes#PrintMotd yes 9292559Sdes#PrintLastLog yes 93126277Sdes#TCPKeepAlive yes 9457429Smarkm#UseLogin no 9598941Sdes#UsePrivilegeSeparation yes 96106130Sdes#PermitUserEnvironment no 9798684Sdes#Compression yes 98124211Sdes#ClientAliveInterval 0 99124211Sdes#ClientAliveCountMax 3 100124211Sdes#UseDNS yes 101124211Sdes#PidFile /var/run/sshd.pid 102124211Sdes#MaxStartups 10 10365674Skris 10492559Sdes# no default banner path 10592559Sdes#Banner /some/path 10676262Sgreen 10792559Sdes# override default of no subsystems 10876262SgreenSubsystem sftp /usr/libexec/sftp-server 109