sshd_config revision 98684
198684Sdes# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $ 298684Sdes# $FreeBSD: head/crypto/openssh/sshd_config 98684 2002-06-23 16:09:08Z des $ 357429Smarkm 498684Sdes# This is the sshd server system-wide configuration file. See 598684Sdes# sshd_config(5) for more information. 676262Sgreen 792559Sdes# The strategy used for options in the default sshd_config shipped with 892559Sdes# OpenSSH is to specify options with their default value where 992559Sdes# possible, but leave them commented. Uncommented options change a 1092559Sdes# default value. 1192559Sdes 1292559Sdes# Note that some of FreeBSD's defaults differ from OpenBSD's, and 1392559Sdes# FreeBSD has a few additional options. 1492559Sdes 1593701Sdes#VersionAddendum FreeBSD-20020402 1692559Sdes 1792559Sdes#Port 22 1860576Skris#Protocol 2,1 1957429Smarkm#ListenAddress 0.0.0.0 2057429Smarkm#ListenAddress :: 2169591Sgreen 2292559Sdes# HostKey for protocol version 1 2392559Sdes#HostKey /etc/ssh/ssh_host_key 2492559Sdes# HostKeys for protocol version 2 2592559Sdes#HostKey /etc/ssh/ssh_host_rsa_key 2692559Sdes#HostKey /etc/ssh/ssh_host_dsa_key 2757429Smarkm 2892559Sdes# Lifetime and size of ephemeral version 1 server key 2992559Sdes#KeyRegenerationInterval 3600 3092559Sdes#ServerKeyBits 768 3192559Sdes 3257429Smarkm# Logging 3357429Smarkm#obsoletes QuietMode and FascistLogging 3492559Sdes#SyslogFacility AUTH 3592559Sdes#LogLevel INFO 3657429Smarkm 3792559Sdes# Authentication: 3892559Sdes 3992559Sdes#LoginGraceTime 120 4092559Sdes#PermitRootLogin no 4192559Sdes#StrictModes yes 4292559Sdes 4392559Sdes#RSAAuthentication yes 4492559Sdes#PubkeyAuthentication yes 4592559Sdes#AuthorizedKeysFile .ssh/authorized_keys 4692559Sdes 4792559Sdes# rhosts authentication should not be used 4892559Sdes#RhostsAuthentication no 4992559Sdes# Don't read the user's ~/.rhosts and ~/.shosts files 5092559Sdes#IgnoreRhosts yes 5192559Sdes# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 5292559Sdes#RhostsRSAAuthentication no 5376262Sgreen# similar for protocol version 2 5492559Sdes#HostbasedAuthentication no 5592559Sdes# Change to yes if you don't trust ~/.ssh/known_hosts for 5692559Sdes# RhostsRSAAuthentication and HostbasedAuthentication 5792559Sdes#IgnoreUserKnownHosts no 5857429Smarkm 5957429Smarkm# To disable tunneled clear text passwords, change to no here! 6092559Sdes#PasswordAuthentication yes 6192559Sdes#PermitEmptyPasswords no 6276262Sgreen 6395456Sdes# Change to no to disable s/key passwords 6495456Sdes#ChallengeResponseAuthentication yes 6557429Smarkm 6692559Sdes# Kerberos options 6798684Sdes#KerberosAuthentication no 6857429Smarkm#KerberosOrLocalPasswd yes 6992559Sdes#KerberosTicketCleanup yes 7057429Smarkm 7198684Sdes#AFSTokenPassing no 7257429Smarkm 7392559Sdes# Kerberos TGT Passing only works with the AFS kaserver 7492559Sdes#KerberosTgtPassing no 7592559Sdes 7692559Sdes#X11Forwarding yes 7792559Sdes#X11DisplayOffset 10 7892559Sdes#X11UseLocalhost yes 7992559Sdes#PrintMotd yes 8092559Sdes#PrintLastLog yes 8192559Sdes#KeepAlive yes 8257429Smarkm#UseLogin no 8392559Sdes#CheckMail yes 8498684Sdes#UsePrivilegeSeparation no 8598684Sdes#Compression yes 8665674Skris 8792559Sdes#MaxStartups 10 8892559Sdes# no default banner path 8992559Sdes#Banner /some/path 9092559Sdes#VerifyReverseMapping no 9176262Sgreen 9292559Sdes# override default of no subsystems 9376262SgreenSubsystem sftp /usr/libexec/sftp-server 94