sshd_config revision 99051
198684Sdes# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $ 299051Sdes# $FreeBSD: head/crypto/openssh/sshd_config 99051 2002-06-29 10:55:18Z des $ 357429Smarkm 498684Sdes# This is the sshd server system-wide configuration file. See 598684Sdes# sshd_config(5) for more information. 676262Sgreen 798941Sdes# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 898941Sdes 992559Sdes# The strategy used for options in the default sshd_config shipped with 1092559Sdes# OpenSSH is to specify options with their default value where 1192559Sdes# possible, but leave them commented. Uncommented options change a 1292559Sdes# default value. 1392559Sdes 1499051Sdes# Note that some of FreeBSD's defaults differ from OpenBSD's, and 1599051Sdes# FreeBSD has a few additional options. 1699051Sdes 1799051Sdes#VersionAddendum FreeBSD-20020625 1899051Sdes 1992559Sdes#Port 22 2060576Skris#Protocol 2,1 2157429Smarkm#ListenAddress 0.0.0.0 2257429Smarkm#ListenAddress :: 2369591Sgreen 2492559Sdes# HostKey for protocol version 1 2592559Sdes#HostKey /etc/ssh/ssh_host_key 2692559Sdes# HostKeys for protocol version 2 2792559Sdes#HostKey /etc/ssh/ssh_host_rsa_key 2892559Sdes#HostKey /etc/ssh/ssh_host_dsa_key 2957429Smarkm 3092559Sdes# Lifetime and size of ephemeral version 1 server key 3192559Sdes#KeyRegenerationInterval 3600 3292559Sdes#ServerKeyBits 768 3392559Sdes 3457429Smarkm# Logging 3557429Smarkm#obsoletes QuietMode and FascistLogging 3692559Sdes#SyslogFacility AUTH 3792559Sdes#LogLevel INFO 3857429Smarkm 3992559Sdes# Authentication: 4092559Sdes 4199051Sdes#LoginGraceTime 120 4299051Sdes#PermitRootLogin no 4392559Sdes#StrictModes yes 4492559Sdes 4592559Sdes#RSAAuthentication yes 4692559Sdes#PubkeyAuthentication yes 4792559Sdes#AuthorizedKeysFile .ssh/authorized_keys 4892559Sdes 4992559Sdes# rhosts authentication should not be used 5092559Sdes#RhostsAuthentication no 5192559Sdes# Don't read the user's ~/.rhosts and ~/.shosts files 5292559Sdes#IgnoreRhosts yes 5392559Sdes# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 5492559Sdes#RhostsRSAAuthentication no 5576262Sgreen# similar for protocol version 2 5692559Sdes#HostbasedAuthentication no 5792559Sdes# Change to yes if you don't trust ~/.ssh/known_hosts for 5892559Sdes# RhostsRSAAuthentication and HostbasedAuthentication 5992559Sdes#IgnoreUserKnownHosts no 6057429Smarkm 6157429Smarkm# To disable tunneled clear text passwords, change to no here! 6292559Sdes#PasswordAuthentication yes 6392559Sdes#PermitEmptyPasswords no 6476262Sgreen 6595456Sdes# Change to no to disable s/key passwords 6695456Sdes#ChallengeResponseAuthentication yes 6757429Smarkm 6892559Sdes# Kerberos options 6998684Sdes#KerberosAuthentication no 7057429Smarkm#KerberosOrLocalPasswd yes 7192559Sdes#KerberosTicketCleanup yes 7257429Smarkm 7398684Sdes#AFSTokenPassing no 7457429Smarkm 7592559Sdes# Kerberos TGT Passing only works with the AFS kaserver 7692559Sdes#KerberosTgtPassing no 7792559Sdes 7898941Sdes# Set this to 'yes' to enable PAM keyboard-interactive authentication 7998941Sdes# Warning: enabling this may bypass the setting of 'PasswordAuthentication' 8098941Sdes#PAMAuthenticationViaKbdInt yes 8198941Sdes 8299051Sdes#X11Forwarding yes 8392559Sdes#X11DisplayOffset 10 8492559Sdes#X11UseLocalhost yes 8592559Sdes#PrintMotd yes 8692559Sdes#PrintLastLog yes 8792559Sdes#KeepAlive yes 8857429Smarkm#UseLogin no 8998941Sdes#UsePrivilegeSeparation yes 9098684Sdes#Compression yes 9165674Skris 9292559Sdes#MaxStartups 10 9392559Sdes# no default banner path 9492559Sdes#Banner /some/path 9592559Sdes#VerifyReverseMapping no 9676262Sgreen 9792559Sdes# override default of no subsystems 9876262SgreenSubsystem sftp /usr/libexec/sftp-server 99