sshd_config revision 99315 
198684Sdes#	$OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
299051Sdes#	$FreeBSD: head/crypto/openssh/sshd_config 99315 2002-07-03 00:08:19Z des $
357429Smarkm
498684Sdes# This is the sshd server system-wide configuration file.  See
598684Sdes# sshd_config(5) for more information.
676262Sgreen
798941Sdes# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
898941Sdes
992559Sdes# The strategy used for options in the default sshd_config shipped with
1092559Sdes# OpenSSH is to specify options with their default value where
1192559Sdes# possible, but leave them commented.  Uncommented options change a
1292559Sdes# default value.
1392559Sdes
1499051Sdes# Note that some of FreeBSD's defaults differ from OpenBSD's, and
1599051Sdes# FreeBSD has a few additional options.
1699051Sdes
1799132Sdes#VersionAddendum FreeBSD-20020629
1899051Sdes
1992559Sdes#Port 22
2060576Skris#Protocol 2,1
2157429Smarkm#ListenAddress 0.0.0.0
2257429Smarkm#ListenAddress ::
2369591Sgreen
2492559Sdes# HostKey for protocol version 1
2592559Sdes#HostKey /etc/ssh/ssh_host_key
2692559Sdes# HostKeys for protocol version 2
2792559Sdes#HostKey /etc/ssh/ssh_host_rsa_key
2892559Sdes#HostKey /etc/ssh/ssh_host_dsa_key
2957429Smarkm
3092559Sdes# Lifetime and size of ephemeral version 1 server key
3192559Sdes#KeyRegenerationInterval 3600
3292559Sdes#ServerKeyBits 768
3392559Sdes
3457429Smarkm# Logging
3557429Smarkm#obsoletes QuietMode and FascistLogging
3692559Sdes#SyslogFacility AUTH
3792559Sdes#LogLevel INFO
3857429Smarkm
3992559Sdes# Authentication:
4092559Sdes
4199051Sdes#LoginGraceTime 120
4299051Sdes#PermitRootLogin no
4392559Sdes#StrictModes yes
4492559Sdes
4592559Sdes#RSAAuthentication yes
4692559Sdes#PubkeyAuthentication yes
4792559Sdes#AuthorizedKeysFile	.ssh/authorized_keys
4892559Sdes
4992559Sdes# rhosts authentication should not be used
5092559Sdes#RhostsAuthentication no
5192559Sdes# Don't read the user's ~/.rhosts and ~/.shosts files
5292559Sdes#IgnoreRhosts yes
5392559Sdes# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
5492559Sdes#RhostsRSAAuthentication no
5576262Sgreen# similar for protocol version 2
5692559Sdes#HostbasedAuthentication no
5792559Sdes# Change to yes if you don't trust ~/.ssh/known_hosts for
5892559Sdes# RhostsRSAAuthentication and HostbasedAuthentication
5992559Sdes#IgnoreUserKnownHosts no
6057429Smarkm
6157429Smarkm# To disable tunneled clear text passwords, change to no here!
6292559Sdes#PasswordAuthentication yes
6392559Sdes#PermitEmptyPasswords no
6476262Sgreen
6599315Sdes# Change to no to disable PAM authentication
6695456Sdes#ChallengeResponseAuthentication yes
6757429Smarkm
6892559Sdes# Kerberos options
6998684Sdes#KerberosAuthentication no
7057429Smarkm#KerberosOrLocalPasswd yes
7192559Sdes#KerberosTicketCleanup yes
7257429Smarkm
7398684Sdes#AFSTokenPassing no
7457429Smarkm
7592559Sdes# Kerberos TGT Passing only works with the AFS kaserver
7692559Sdes#KerberosTgtPassing no
7792559Sdes
7899051Sdes#X11Forwarding yes
7992559Sdes#X11DisplayOffset 10
8092559Sdes#X11UseLocalhost yes
8192559Sdes#PrintMotd yes
8292559Sdes#PrintLastLog yes
8392559Sdes#KeepAlive yes
8457429Smarkm#UseLogin no
8598941Sdes#UsePrivilegeSeparation yes
8698684Sdes#Compression yes
8765674Skris
8892559Sdes#MaxStartups 10
8992559Sdes# no default banner path
9092559Sdes#Banner /some/path
9192559Sdes#VerifyReverseMapping no
9276262Sgreen
9392559Sdes# override default of no subsystems
9476262SgreenSubsystem	sftp	/usr/libexec/sftp-server
95