sshd_config revision 98941 
198675Sdes#	$OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
298675Sdes
398675Sdes# This is the sshd server system-wide configuration file.  See
498675Sdes# sshd_config(5) for more information.
598675Sdes
698675Sdes# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
798675Sdes
898675Sdes# The strategy used for options in the default sshd_config shipped with
998675Sdes# OpenSSH is to specify options with their default value where
1098675Sdes# possible, but leave them commented.  Uncommented options change a
1198675Sdes# default value.
1298675Sdes
1398675Sdes#Port 22
1498675Sdes#Protocol 2,1
1598675Sdes#ListenAddress 0.0.0.0
1698675Sdes#ListenAddress ::
1798675Sdes
1898675Sdes# HostKey for protocol version 1
1998675Sdes#HostKey /etc/ssh/ssh_host_key
2098675Sdes# HostKeys for protocol version 2
2198675Sdes#HostKey /etc/ssh/ssh_host_rsa_key
2298675Sdes#HostKey /etc/ssh/ssh_host_dsa_key
2398675Sdes
2498675Sdes# Lifetime and size of ephemeral version 1 server key
25124208Sdes#KeyRegenerationInterval 3600
2698675Sdes#ServerKeyBits 768
2798675Sdes
28106121Sdes# Logging
29106121Sdes#obsoletes QuietMode and FascistLogging
3098675Sdes#SyslogFacility AUTH
3198675Sdes#LogLevel INFO
3298675Sdes
33106121Sdes# Authentication:
3498675Sdes
3598675Sdes#LoginGraceTime 600
3698675Sdes#PermitRootLogin yes
3798675Sdes#StrictModes yes
3898675Sdes
3998675Sdes#RSAAuthentication yes
4098675Sdes#PubkeyAuthentication yes
4198675Sdes#AuthorizedKeysFile	.ssh/authorized_keys
4298675Sdes
43106121Sdes# rhosts authentication should not be used
4498675Sdes#RhostsAuthentication no
45124208Sdes# Don't read the user's ~/.rhosts and ~/.shosts files
46124208Sdes#IgnoreRhosts yes
47106121Sdes# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
4898937Sdes#RhostsRSAAuthentication no
4998937Sdes# similar for protocol version 2
5098937Sdes#HostbasedAuthentication no
5198937Sdes# Change to yes if you don't trust ~/.ssh/known_hosts for
5298937Sdes# RhostsRSAAuthentication and HostbasedAuthentication
5398937Sdes#IgnoreUserKnownHosts no
5498675Sdes
5598675Sdes# To disable tunneled clear text passwords, change to no here!
5698675Sdes#PasswordAuthentication yes
5798675Sdes#PermitEmptyPasswords no
5898675Sdes
59124208Sdes# Change to no to disable s/key passwords
6098675Sdes#ChallengeResponseAuthentication yes
6198675Sdes
6298675Sdes# Kerberos options
6398675Sdes#KerberosAuthentication no
6498675Sdes#KerberosOrLocalPasswd yes
6598675Sdes#KerberosTicketCleanup yes
6698675Sdes
6798675Sdes#AFSTokenPassing no
6898675Sdes
6998675Sdes# Kerberos TGT Passing only works with the AFS kaserver
7098675Sdes#KerberosTgtPassing no
7198675Sdes
7298675Sdes# Set this to 'yes' to enable PAM keyboard-interactive authentication 
7398675Sdes# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
7498675Sdes#PAMAuthenticationViaKbdInt yes
7598675Sdes
7698675Sdes#X11Forwarding no
7798675Sdes#X11DisplayOffset 10
7898675Sdes#X11UseLocalhost yes
7998675Sdes#PrintMotd yes
8098675Sdes#PrintLastLog yes
8198675Sdes#KeepAlive yes
8298675Sdes#UseLogin no
8398675Sdes#UsePrivilegeSeparation yes
8498675Sdes#Compression yes
8598675Sdes
8698675Sdes#MaxStartups 10
8798675Sdes# no default banner path
8898675Sdes#Banner /some/path
8998675Sdes#VerifyReverseMapping no
9098675Sdes
9198675Sdes# override default of no subsystems
9298675SdesSubsystem	sftp	/usr/libexec/sftp-server
9398675Sdes