sshd_config revision 162856
1162856Sdes# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $ 299051Sdes# $FreeBSD: head/crypto/openssh/sshd_config 162856 2006-09-30 13:38:06Z des $ 357429Smarkm 498684Sdes# This is the sshd server system-wide configuration file. See 598684Sdes# sshd_config(5) for more information. 676262Sgreen 798941Sdes# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 898941Sdes 992559Sdes# The strategy used for options in the default sshd_config shipped with 1092559Sdes# OpenSSH is to specify options with their default value where 1192559Sdes# possible, but leave them commented. Uncommented options change a 1292559Sdes# default value. 1392559Sdes 1499051Sdes# Note that some of FreeBSD's defaults differ from OpenBSD's, and 1599051Sdes# FreeBSD has a few additional options. 1699051Sdes 17157019Sdes#VersionAddendum FreeBSD-20060322 1899051Sdes 1992559Sdes#Port 22 20126271Sdes#Protocol 2 21147005Sdes#AddressFamily any 2257429Smarkm#ListenAddress 0.0.0.0 2357429Smarkm#ListenAddress :: 2469591Sgreen 2592559Sdes# HostKey for protocol version 1 2692559Sdes#HostKey /etc/ssh/ssh_host_key 2792559Sdes# HostKeys for protocol version 2 2892559Sdes#HostKey /etc/ssh/ssh_host_dsa_key 2957429Smarkm 3092559Sdes# Lifetime and size of ephemeral version 1 server key 31124211Sdes#KeyRegenerationInterval 1h 3292559Sdes#ServerKeyBits 768 3392559Sdes 3457429Smarkm# Logging 35149753Sdes# obsoletes QuietMode and FascistLogging 3692559Sdes#SyslogFacility AUTH 3792559Sdes#LogLevel INFO 3857429Smarkm 3992559Sdes# Authentication: 4092559Sdes 41124211Sdes#LoginGraceTime 2m 4299051Sdes#PermitRootLogin no 4392559Sdes#StrictModes yes 44137019Sdes#MaxAuthTries 6 4592559Sdes 4692559Sdes#RSAAuthentication yes 4792559Sdes#PubkeyAuthentication yes 4892559Sdes#AuthorizedKeysFile .ssh/authorized_keys 4992559Sdes 5092559Sdes# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 5192559Sdes#RhostsRSAAuthentication no 5276262Sgreen# similar for protocol version 2 5392559Sdes#HostbasedAuthentication no 5492559Sdes# Change to yes if you don't trust ~/.ssh/known_hosts for 5592559Sdes# RhostsRSAAuthentication and HostbasedAuthentication 5692559Sdes#IgnoreUserKnownHosts no 57124211Sdes# Don't read the user's ~/.rhosts and ~/.shosts files 58124211Sdes#IgnoreRhosts yes 5957429Smarkm 60126009Sdes# Change to yes to enable built-in password authentication. 61126009Sdes#PasswordAuthentication no 6292559Sdes#PermitEmptyPasswords no 6376262Sgreen 6499315Sdes# Change to no to disable PAM authentication 6595456Sdes#ChallengeResponseAuthentication yes 6657429Smarkm 6792559Sdes# Kerberos options 6898684Sdes#KerberosAuthentication no 6957429Smarkm#KerberosOrLocalPasswd yes 7092559Sdes#KerberosTicketCleanup yes 71126277Sdes#KerberosGetAFSToken no 7257429Smarkm 73124211Sdes# GSSAPI options 74124211Sdes#GSSAPIAuthentication no 75126277Sdes#GSSAPICleanupCredentials yes 7657429Smarkm 77162856Sdes# Set this to 'no' to disable PAM authentication, account processing, 78137019Sdes# and session processing. If this is enabled, PAM authentication will 79162856Sdes# be allowed through the ChallengeResponseAuthentication and 80162856Sdes# PasswordAuthentication. Depending on your PAM configuration, 81162856Sdes# PAM authentication via ChallengeResponseAuthentication may bypass 82162856Sdes# the setting of "PermitRootLogin without-password". 83162856Sdes# If you just want the PAM account and session checks to run without 84162856Sdes# PAM authentication, then enable this but set PasswordAuthentication 85162856Sdes# and ChallengeResponseAuthentication to 'no'. 86127033Sdes#UsePAM yes 8792559Sdes 88124211Sdes#AllowTcpForwarding yes 89124211Sdes#GatewayPorts no 9099051Sdes#X11Forwarding yes 9192559Sdes#X11DisplayOffset 10 9292559Sdes#X11UseLocalhost yes 9392559Sdes#PrintMotd yes 9492559Sdes#PrintLastLog yes 95126277Sdes#TCPKeepAlive yes 9657429Smarkm#UseLogin no 9798941Sdes#UsePrivilegeSeparation yes 98106130Sdes#PermitUserEnvironment no 99149753Sdes#Compression delayed 100124211Sdes#ClientAliveInterval 0 101124211Sdes#ClientAliveCountMax 3 102124211Sdes#UseDNS yes 103124211Sdes#PidFile /var/run/sshd.pid 104124211Sdes#MaxStartups 10 105157019Sdes#PermitTunnel no 10665674Skris 10792559Sdes# no default banner path 10892559Sdes#Banner /some/path 10976262Sgreen 11092559Sdes# override default of no subsystems 11176262SgreenSubsystem sftp /usr/libexec/sftp-server 112162856Sdes 113162856Sdes# Example of overriding settings on a per-user basis 114162856Sdes#Match User anoncvs 115162856Sdes# X11Forwarding no 116162856Sdes# AllowTcpForwarding no 117162856Sdes# ForceCommand cvs server 118