sshd_config revision 76262 
176262Sgreen#	$OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $
276262Sgreen#	$FreeBSD: head/crypto/openssh/sshd_config 76262 2001-05-04 04:14:23Z green $
357429Smarkm
476262Sgreen# This is the sshd server system-wide configuration file.  See sshd(8)
576262Sgreen# for more information.
676262Sgreen
757429SmarkmPort 22
860576Skris#Protocol 2,1
957429Smarkm#ListenAddress 0.0.0.0
1057429Smarkm#ListenAddress ::
1176262SgreenHostKey /etc/ssh_host_key
1276262SgreenHostKey /etc/ssh_host_rsa_key
1376262SgreenHostKey /etc/ssh_host_dsa_key
1457429SmarkmServerKeyBits 768
1565022SkrisLoginGraceTime 120
1657429SmarkmKeyRegenerationInterval 3600
1757432SmarkmPermitRootLogin no
1870990Sgreen# ConnectionsPerPeriod has been deprecated completely
1969591Sgreen
2069591Sgreen# After 10 unauthenticated connections, refuse 30% of the new ones, and
2169591Sgreen# refuse any more than 60 total.
2269591SgreenMaxStartups 10:30:60
2357429Smarkm# Don't read ~/.rhosts and ~/.shosts files
2457429SmarkmIgnoreRhosts yes
2557429Smarkm# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
2657429Smarkm#IgnoreUserKnownHosts yes
2757429SmarkmStrictModes yes
2865357SkrisX11Forwarding yes
2957429SmarkmX11DisplayOffset 10
3057429SmarkmPrintMotd yes
3176262Sgreen#PrintLastLog no
3257429SmarkmKeepAlive yes
3357429Smarkm
3457429Smarkm# Logging
3557429SmarkmSyslogFacility AUTH
3657429SmarkmLogLevel INFO
3757429Smarkm#obsoletes QuietMode and FascistLogging
3857429Smarkm
3957429SmarkmRhostsAuthentication no
4057429Smarkm#
4157429Smarkm# For this to work you will also need host keys in /etc/ssh_known_hosts
4257429SmarkmRhostsRSAAuthentication no
4376262Sgreen# similar for protocol version 2
4476262SgreenHostbasedAuthentication no
4557429Smarkm#
4657429SmarkmRSAAuthentication yes
4757429Smarkm
4857429Smarkm# To disable tunneled clear text passwords, change to no here!
4957429SmarkmPasswordAuthentication yes
5057429SmarkmPermitEmptyPasswords no
5176262Sgreen
5257429Smarkm# Uncomment to disable s/key passwords 
5376262Sgreen#ChallengeResponseAuthentication no
5457429Smarkm
5557429Smarkm# To change Kerberos options
5657429Smarkm#KerberosAuthentication no
5757429Smarkm#KerberosOrLocalPasswd yes
5857429Smarkm#AFSTokenPassing no
5957429Smarkm#KerberosTicketCleanup no
6057429Smarkm
6157429Smarkm# Kerberos TGT Passing does only work with the AFS kaserver
6257429Smarkm#KerberosTgtPassing yes
6357429Smarkm
6460813SacheCheckMail yes
6557429Smarkm#UseLogin no
6665674Skris
6776262Sgreen#MaxStartups 10:30:60
6876262Sgreen#Banner /etc/issue.net
6976262Sgreen#ReverseMappingCheck yes
7076262Sgreen
7176262SgreenSubsystem	sftp	/usr/libexec/sftp-server
72