sshd_config revision 92559
192559Sdes# $OpenBSD: src/usr.bin/ssh/sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $ 292559Sdes# $FreeBSD: head/crypto/openssh/sshd_config 92559 2002-03-18 10:09:43Z des $ 357429Smarkm 476262Sgreen# This is the sshd server system-wide configuration file. See sshd(8) 576262Sgreen# for more information. 676262Sgreen 792559Sdes# The strategy used for options in the default sshd_config shipped with 892559Sdes# OpenSSH is to specify options with their default value where 992559Sdes# possible, but leave them commented. Uncommented options change a 1092559Sdes# default value. 1192559Sdes 1292559Sdes# Note that some of FreeBSD's defaults differ from OpenBSD's, and 1392559Sdes# FreeBSD has a few additional options. 1492559Sdes 1592559Sdes#VersionAddendum FreeBSD localisations 20020318 1692559Sdes 1792559Sdes#Port 22 1860576Skris#Protocol 2,1 1957429Smarkm#ListenAddress 0.0.0.0 2057429Smarkm#ListenAddress :: 2169591Sgreen 2292559Sdes# HostKey for protocol version 1 2392559Sdes#HostKey /etc/ssh/ssh_host_key 2492559Sdes# HostKeys for protocol version 2 2592559Sdes#HostKey /etc/ssh/ssh_host_rsa_key 2692559Sdes#HostKey /etc/ssh/ssh_host_dsa_key 2757429Smarkm 2892559Sdes# Lifetime and size of ephemeral version 1 server key 2992559Sdes#KeyRegenerationInterval 3600 3092559Sdes#ServerKeyBits 768 3192559Sdes 3257429Smarkm# Logging 3357429Smarkm#obsoletes QuietMode and FascistLogging 3492559Sdes#SyslogFacility AUTH 3592559Sdes#LogLevel INFO 3657429Smarkm 3792559Sdes# Authentication: 3892559Sdes 3992559Sdes#LoginGraceTime 120 4092559Sdes#PermitRootLogin no 4192559Sdes#StrictModes yes 4292559Sdes 4392559Sdes#RSAAuthentication yes 4492559Sdes#PubkeyAuthentication yes 4592559Sdes#AuthorizedKeysFile .ssh/authorized_keys 4692559Sdes 4792559Sdes# rhosts authentication should not be used 4892559Sdes#RhostsAuthentication no 4992559Sdes# Don't read the user's ~/.rhosts and ~/.shosts files 5092559Sdes#IgnoreRhosts yes 5192559Sdes# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 5292559Sdes#RhostsRSAAuthentication no 5376262Sgreen# similar for protocol version 2 5492559Sdes#HostbasedAuthentication no 5592559Sdes# Change to yes if you don't trust ~/.ssh/known_hosts for 5692559Sdes# RhostsRSAAuthentication and HostbasedAuthentication 5792559Sdes#IgnoreUserKnownHosts no 5857429Smarkm 5957429Smarkm# To disable tunneled clear text passwords, change to no here! 6092559Sdes#PasswordAuthentication yes 6192559Sdes#PermitEmptyPasswords no 6276262Sgreen 6392559Sdes# Change to no to disable s/key passwords 6492559Sdes#ChallengeResponseAuthentication yes 6557429Smarkm 6692559Sdes# Kerberos options 6792559Sdes# KerberosAuthentication automatically enabled if keyfile exists 6892559Sdes#KerberosAuthentication yes 6957429Smarkm#KerberosOrLocalPasswd yes 7092559Sdes#KerberosTicketCleanup yes 7157429Smarkm 7292559Sdes# AFSTokenPassing automatically enabled if k_hasafs() is true 7392559Sdes#AFSTokenPassing yes 7457429Smarkm 7592559Sdes# Kerberos TGT Passing only works with the AFS kaserver 7692559Sdes#KerberosTgtPassing no 7792559Sdes 7892559Sdes#X11Forwarding yes 7992559Sdes#X11DisplayOffset 10 8092559Sdes#X11UseLocalhost yes 8192559Sdes#PrintMotd yes 8292559Sdes#PrintLastLog yes 8392559Sdes#KeepAlive yes 8457429Smarkm#UseLogin no 8592559Sdes#CheckMail yes 8665674Skris 8792559Sdes#MaxStartups 10 8892559Sdes# no default banner path 8992559Sdes#Banner /some/path 9092559Sdes#VerifyReverseMapping no 9176262Sgreen 9292559Sdes# override default of no subsystems 9376262SgreenSubsystem sftp /usr/libexec/sftp-server 94