sshd_config revision 76262 
1112158Sdas#	$OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $
2112158Sdas#	$FreeBSD: head/crypto/openssh/sshd_config 76262 2001-05-04 04:14:23Z green $
3112158Sdas
4112158Sdas# This is the sshd server system-wide configuration file.  See sshd(8)
5112158Sdas# for more information.
6112158Sdas
7112158SdasPort 22
8112158Sdas#Protocol 2,1
9112158Sdas#ListenAddress 0.0.0.0
10112158Sdas#ListenAddress ::
11112158SdasHostKey /etc/ssh_host_key
12112158SdasHostKey /etc/ssh_host_rsa_key
13112158SdasHostKey /etc/ssh_host_dsa_key
14112158SdasServerKeyBits 768
15112158SdasLoginGraceTime 120
16112158SdasKeyRegenerationInterval 3600
17112158SdasPermitRootLogin no
18112158Sdas# ConnectionsPerPeriod has been deprecated completely
19112158Sdas
20112158Sdas# After 10 unauthenticated connections, refuse 30% of the new ones, and
21112158Sdas# refuse any more than 60 total.
22112158SdasMaxStartups 10:30:60
23112158Sdas# Don't read ~/.rhosts and ~/.shosts files
24112158SdasIgnoreRhosts yes
25112158Sdas# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
26112158Sdas#IgnoreUserKnownHosts yes
27112158SdasStrictModes yes
28112158SdasX11Forwarding yes
29112158SdasX11DisplayOffset 10
30112158SdasPrintMotd yes
31112158Sdas#PrintLastLog no
32112158SdasKeepAlive yes
33112158Sdas
34112158Sdas# Logging
35112158SdasSyslogFacility AUTH
36112158SdasLogLevel INFO
37112158Sdas#obsoletes QuietMode and FascistLogging
38112158Sdas
39112158SdasRhostsAuthentication no
40112158Sdas#
41112158Sdas# For this to work you will also need host keys in /etc/ssh_known_hosts
42112158SdasRhostsRSAAuthentication no
43112158Sdas# similar for protocol version 2
44112158SdasHostbasedAuthentication no
45112158Sdas#
46112158SdasRSAAuthentication yes
47112158Sdas
48112158Sdas# To disable tunneled clear text passwords, change to no here!
49112158SdasPasswordAuthentication yes
50112158SdasPermitEmptyPasswords no
51112158Sdas
52112158Sdas# Uncomment to disable s/key passwords 
53112158Sdas#ChallengeResponseAuthentication no
54112158Sdas
55112158Sdas# To change Kerberos options
56112158Sdas#KerberosAuthentication no
57112158Sdas#KerberosOrLocalPasswd yes
58112158Sdas#AFSTokenPassing no
59187808Sdas#KerberosTicketCleanup no
60187808Sdas
61187808Sdas# Kerberos TGT Passing does only work with the AFS kaserver
62112158Sdas#KerberosTgtPassing yes
63112158Sdas
64112158SdasCheckMail yes
65112158Sdas#UseLogin no
66112158Sdas
67112158Sdas#MaxStartups 10:30:60
68112158Sdas#Banner /etc/issue.net
69112158Sdas#ReverseMappingCheck yes
70112158Sdas
71112158SdasSubsystem	sftp	/usr/libexec/sftp-server
72112158Sdas