1# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $ 2# $FreeBSD$ 3 4# This is the sshd server system-wide configuration file. See 5# sshd_config(5) for more information. 6 7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 8 9# The strategy used for options in the default sshd_config shipped with 10# OpenSSH is to specify options with their default value where 11# possible, but leave them commented. Uncommented options change a 12# default value. 13 14# Note that some of FreeBSD's defaults differ from OpenBSD's, and 15# FreeBSD has a few additional options. 16 17#VersionAddendum FreeBSD-20061110 18 19#Port 22 20#Protocol 2 21#AddressFamily any 22#ListenAddress 0.0.0.0 23#ListenAddress :: 24 25# HostKey for protocol version 1 26#HostKey /etc/ssh/ssh_host_key 27# HostKeys for protocol version 2 28#HostKey /etc/ssh/ssh_host_dsa_key 29 30# Lifetime and size of ephemeral version 1 server key 31#KeyRegenerationInterval 1h 32#ServerKeyBits 768 33 34# Logging 35# obsoletes QuietMode and FascistLogging 36#SyslogFacility AUTH 37#LogLevel INFO 38 39# Authentication: 40 41#LoginGraceTime 2m 42PermitRootLogin yes 43#StrictModes yes 44#MaxAuthTries 6 45 46#RSAAuthentication yes 47#PubkeyAuthentication yes 48#AuthorizedKeysFile .ssh/authorized_keys 49 50# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 51#RhostsRSAAuthentication no 52# similar for protocol version 2 53#HostbasedAuthentication no 54# Change to yes if you don't trust ~/.ssh/known_hosts for 55# RhostsRSAAuthentication and HostbasedAuthentication 56#IgnoreUserKnownHosts no 57# Don't read the user's ~/.rhosts and ~/.shosts files 58#IgnoreRhosts yes 59 60# Change to yes to enable built-in password authentication. 61#PasswordAuthentication no 62#PermitEmptyPasswords no 63 64# Change to no to disable PAM authentication 65#ChallengeResponseAuthentication yes 66 67# Kerberos options 68#KerberosAuthentication no 69#KerberosOrLocalPasswd yes 70#KerberosTicketCleanup yes 71#KerberosGetAFSToken no 72 73# GSSAPI options 74#GSSAPIAuthentication no 75#GSSAPICleanupCredentials yes 76 77# Set this to 'no' to disable PAM authentication, account processing, 78# and session processing. If this is enabled, PAM authentication will 79# be allowed through the ChallengeResponseAuthentication and 80# PasswordAuthentication. Depending on your PAM configuration, 81# PAM authentication via ChallengeResponseAuthentication may bypass 82PermitRootLogin yes 83# If you just want the PAM account and session checks to run without 84# PAM authentication, then enable this but set PasswordAuthentication 85# and ChallengeResponseAuthentication to 'no'. 86#UsePAM yes 87 88#AllowTcpForwarding yes 89#GatewayPorts no 90#X11Forwarding yes 91#X11DisplayOffset 10 92#X11UseLocalhost yes 93#PrintMotd yes 94#PrintLastLog yes 95#TCPKeepAlive yes 96#UseLogin no 97#UsePrivilegeSeparation yes 98#PermitUserEnvironment no 99#Compression delayed 100#ClientAliveInterval 0 101#ClientAliveCountMax 3 102#UseDNS yes 103#PidFile /var/run/sshd.pid 104#MaxStartups 10 105#PermitTunnel no 106 107# no default banner path 108#Banner /some/path 109 110# override default of no subsystems 111Subsystem sftp /usr/libexec/sftp-server 112 113# Example of overriding settings on a per-user basis 114#Match User anoncvs 115# X11Forwarding no 116# AllowTcpForwarding no 117# ForceCommand cvs server 118