sshd_config revision 99051 
198684Sdes#	$OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
299051Sdes#	$FreeBSD: head/crypto/openssh/sshd_config 99051 2002-06-29 10:55:18Z des $
357429Smarkm
498684Sdes# This is the sshd server system-wide configuration file.  See
598684Sdes# sshd_config(5) for more information.
676262Sgreen
798941Sdes# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
898941Sdes
992559Sdes# The strategy used for options in the default sshd_config shipped with
1092559Sdes# OpenSSH is to specify options with their default value where
1192559Sdes# possible, but leave them commented.  Uncommented options change a
1292559Sdes# default value.
1392559Sdes
1499051Sdes# Note that some of FreeBSD's defaults differ from OpenBSD's, and
1599051Sdes# FreeBSD has a few additional options.
1699051Sdes
1799051Sdes#VersionAddendum FreeBSD-20020625
1899051Sdes
1992559Sdes#Port 22
2060576Skris#Protocol 2,1
2157429Smarkm#ListenAddress 0.0.0.0
2257429Smarkm#ListenAddress ::
2369591Sgreen
2492559Sdes# HostKey for protocol version 1
2592559Sdes#HostKey /etc/ssh/ssh_host_key
2692559Sdes# HostKeys for protocol version 2
2792559Sdes#HostKey /etc/ssh/ssh_host_rsa_key
2892559Sdes#HostKey /etc/ssh/ssh_host_dsa_key
2957429Smarkm
3092559Sdes# Lifetime and size of ephemeral version 1 server key
3192559Sdes#KeyRegenerationInterval 3600
3292559Sdes#ServerKeyBits 768
3392559Sdes
3457429Smarkm# Logging
3557429Smarkm#obsoletes QuietMode and FascistLogging
3692559Sdes#SyslogFacility AUTH
3792559Sdes#LogLevel INFO
3857429Smarkm
3992559Sdes# Authentication:
4092559Sdes
4199051Sdes#LoginGraceTime 120
4299051Sdes#PermitRootLogin no
4392559Sdes#StrictModes yes
4492559Sdes
4592559Sdes#RSAAuthentication yes
4692559Sdes#PubkeyAuthentication yes
4792559Sdes#AuthorizedKeysFile	.ssh/authorized_keys
4892559Sdes
4992559Sdes# rhosts authentication should not be used
5092559Sdes#RhostsAuthentication no
5192559Sdes# Don't read the user's ~/.rhosts and ~/.shosts files
5292559Sdes#IgnoreRhosts yes
5392559Sdes# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
5492559Sdes#RhostsRSAAuthentication no
5576262Sgreen# similar for protocol version 2
5692559Sdes#HostbasedAuthentication no
5792559Sdes# Change to yes if you don't trust ~/.ssh/known_hosts for
5892559Sdes# RhostsRSAAuthentication and HostbasedAuthentication
5992559Sdes#IgnoreUserKnownHosts no
6057429Smarkm
6157429Smarkm# To disable tunneled clear text passwords, change to no here!
6292559Sdes#PasswordAuthentication yes
6392559Sdes#PermitEmptyPasswords no
6476262Sgreen
6595456Sdes# Change to no to disable s/key passwords
6695456Sdes#ChallengeResponseAuthentication yes
6757429Smarkm
6892559Sdes# Kerberos options
6998684Sdes#KerberosAuthentication no
7057429Smarkm#KerberosOrLocalPasswd yes
7192559Sdes#KerberosTicketCleanup yes
7257429Smarkm
7398684Sdes#AFSTokenPassing no
7457429Smarkm
7592559Sdes# Kerberos TGT Passing only works with the AFS kaserver
7692559Sdes#KerberosTgtPassing no
7792559Sdes
7898941Sdes# Set this to 'yes' to enable PAM keyboard-interactive authentication 
7998941Sdes# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
8098941Sdes#PAMAuthenticationViaKbdInt yes
8198941Sdes
8299051Sdes#X11Forwarding yes
8392559Sdes#X11DisplayOffset 10
8492559Sdes#X11UseLocalhost yes
8592559Sdes#PrintMotd yes
8692559Sdes#PrintLastLog yes
8792559Sdes#KeepAlive yes
8857429Smarkm#UseLogin no
8998941Sdes#UsePrivilegeSeparation yes
9098684Sdes#Compression yes
9165674Skris
9292559Sdes#MaxStartups 10
9392559Sdes# no default banner path
9492559Sdes#Banner /some/path
9592559Sdes#VerifyReverseMapping no
9676262Sgreen
9792559Sdes# override default of no subsystems
9876262SgreenSubsystem	sftp	/usr/libexec/sftp-server
99