sshd_config revision 98941
198675Sdes# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $ 298675Sdes 398675Sdes# This is the sshd server system-wide configuration file. See 498675Sdes# sshd_config(5) for more information. 598675Sdes 698675Sdes# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 798675Sdes 898675Sdes# The strategy used for options in the default sshd_config shipped with 998675Sdes# OpenSSH is to specify options with their default value where 1098675Sdes# possible, but leave them commented. Uncommented options change a 1198675Sdes# default value. 1298675Sdes 1398675Sdes#Port 22 1498675Sdes#Protocol 2,1 1598675Sdes#ListenAddress 0.0.0.0 1698675Sdes#ListenAddress :: 1798675Sdes 1898675Sdes# HostKey for protocol version 1 1998675Sdes#HostKey /etc/ssh/ssh_host_key 2098675Sdes# HostKeys for protocol version 2 2198675Sdes#HostKey /etc/ssh/ssh_host_rsa_key 2298675Sdes#HostKey /etc/ssh/ssh_host_dsa_key 2398675Sdes 2498675Sdes# Lifetime and size of ephemeral version 1 server key 25124208Sdes#KeyRegenerationInterval 3600 2698675Sdes#ServerKeyBits 768 2798675Sdes 28106121Sdes# Logging 29106121Sdes#obsoletes QuietMode and FascistLogging 3098675Sdes#SyslogFacility AUTH 3198675Sdes#LogLevel INFO 3298675Sdes 33106121Sdes# Authentication: 3498675Sdes 3598675Sdes#LoginGraceTime 600 3698675Sdes#PermitRootLogin yes 3798675Sdes#StrictModes yes 3898675Sdes 3998675Sdes#RSAAuthentication yes 4098675Sdes#PubkeyAuthentication yes 4198675Sdes#AuthorizedKeysFile .ssh/authorized_keys 4298675Sdes 43106121Sdes# rhosts authentication should not be used 4498675Sdes#RhostsAuthentication no 45124208Sdes# Don't read the user's ~/.rhosts and ~/.shosts files 46124208Sdes#IgnoreRhosts yes 47106121Sdes# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 4898937Sdes#RhostsRSAAuthentication no 4998937Sdes# similar for protocol version 2 5098937Sdes#HostbasedAuthentication no 5198937Sdes# Change to yes if you don't trust ~/.ssh/known_hosts for 5298937Sdes# RhostsRSAAuthentication and HostbasedAuthentication 5398937Sdes#IgnoreUserKnownHosts no 5498675Sdes 5598675Sdes# To disable tunneled clear text passwords, change to no here! 5698675Sdes#PasswordAuthentication yes 5798675Sdes#PermitEmptyPasswords no 5898675Sdes 59124208Sdes# Change to no to disable s/key passwords 6098675Sdes#ChallengeResponseAuthentication yes 6198675Sdes 6298675Sdes# Kerberos options 6398675Sdes#KerberosAuthentication no 6498675Sdes#KerberosOrLocalPasswd yes 6598675Sdes#KerberosTicketCleanup yes 6698675Sdes 6798675Sdes#AFSTokenPassing no 6898675Sdes 6998675Sdes# Kerberos TGT Passing only works with the AFS kaserver 7098675Sdes#KerberosTgtPassing no 7198675Sdes 7298675Sdes# Set this to 'yes' to enable PAM keyboard-interactive authentication 7398675Sdes# Warning: enabling this may bypass the setting of 'PasswordAuthentication' 7498675Sdes#PAMAuthenticationViaKbdInt yes 7598675Sdes 7698675Sdes#X11Forwarding no 7798675Sdes#X11DisplayOffset 10 7898675Sdes#X11UseLocalhost yes 7998675Sdes#PrintMotd yes 8098675Sdes#PrintLastLog yes 8198675Sdes#KeepAlive yes 8298675Sdes#UseLogin no 8398675Sdes#UsePrivilegeSeparation yes 8498675Sdes#Compression yes 8598675Sdes 8698675Sdes#MaxStartups 10 8798675Sdes# no default banner path 8898675Sdes#Banner /some/path 8998675Sdes#VerifyReverseMapping no 9098675Sdes 9198675Sdes# override default of no subsystems 9298675SdesSubsystem sftp /usr/libexec/sftp-server 9398675Sdes