sshd_config revision 99315
11539Srgrimes# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $ 21539Srgrimes# $FreeBSD: head/crypto/openssh/sshd_config 99315 2002-07-03 00:08:19Z des $ 31539Srgrimes 41539Srgrimes# This is the sshd server system-wide configuration file. See 51539Srgrimes# sshd_config(5) for more information. 61539Srgrimes 71539Srgrimes# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 81539Srgrimes 91539Srgrimes# The strategy used for options in the default sshd_config shipped with 101539Srgrimes# OpenSSH is to specify options with their default value where 111539Srgrimes# possible, but leave them commented. Uncommented options change a 121539Srgrimes# default value. 131539Srgrimes 141539Srgrimes# Note that some of FreeBSD's defaults differ from OpenBSD's, and 151539Srgrimes# FreeBSD has a few additional options. 161539Srgrimes 171539Srgrimes#VersionAddendum FreeBSD-20020629 181539Srgrimes 191539Srgrimes#Port 22 201539Srgrimes#Protocol 2,1 211539Srgrimes#ListenAddress 0.0.0.0 221539Srgrimes#ListenAddress :: 231539Srgrimes 241539Srgrimes# HostKey for protocol version 1 251539Srgrimes#HostKey /etc/ssh/ssh_host_key 261539Srgrimes# HostKeys for protocol version 2 271539Srgrimes#HostKey /etc/ssh/ssh_host_rsa_key 281539Srgrimes#HostKey /etc/ssh/ssh_host_dsa_key 291539Srgrimes 301539Srgrimes# Lifetime and size of ephemeral version 1 server key 311539Srgrimes#KeyRegenerationInterval 3600 321539Srgrimes#ServerKeyBits 768 331539Srgrimes 341539Srgrimes# Logging 351539Srgrimes#obsoletes QuietMode and FascistLogging 361539Srgrimes#SyslogFacility AUTH 371539Srgrimes#LogLevel INFO 381539Srgrimes 391539Srgrimes# Authentication: 401539Srgrimes 411539Srgrimes#LoginGraceTime 120 421539Srgrimes#PermitRootLogin no 431539Srgrimes#StrictModes yes 441539Srgrimes 451539Srgrimes#RSAAuthentication yes 461539Srgrimes#PubkeyAuthentication yes 471539Srgrimes#AuthorizedKeysFile .ssh/authorized_keys 481539Srgrimes 491539Srgrimes# rhosts authentication should not be used 501539Srgrimes#RhostsAuthentication no 511539Srgrimes# Don't read the user's ~/.rhosts and ~/.shosts files 521539Srgrimes#IgnoreRhosts yes 531539Srgrimes# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 541539Srgrimes#RhostsRSAAuthentication no 551539Srgrimes# similar for protocol version 2 561539Srgrimes#HostbasedAuthentication no 571539Srgrimes# Change to yes if you don't trust ~/.ssh/known_hosts for 581539Srgrimes# RhostsRSAAuthentication and HostbasedAuthentication 591539Srgrimes#IgnoreUserKnownHosts no 601539Srgrimes 611539Srgrimes# To disable tunneled clear text passwords, change to no here! 621539Srgrimes#PasswordAuthentication yes 631539Srgrimes#PermitEmptyPasswords no 641539Srgrimes 651539Srgrimes# Change to no to disable PAM authentication 66#ChallengeResponseAuthentication yes 67 68# Kerberos options 69#KerberosAuthentication no 70#KerberosOrLocalPasswd yes 71#KerberosTicketCleanup yes 72 73#AFSTokenPassing no 74 75# Kerberos TGT Passing only works with the AFS kaserver 76#KerberosTgtPassing no 77 78#X11Forwarding yes 79#X11DisplayOffset 10 80#X11UseLocalhost yes 81#PrintMotd yes 82#PrintLastLog yes 83#KeepAlive yes 84#UseLogin no 85#UsePrivilegeSeparation yes 86#Compression yes 87 88#MaxStartups 10 89# no default banner path 90#Banner /some/path 91#VerifyReverseMapping no 92 93# override default of no subsystems 94Subsystem sftp /usr/libexec/sftp-server 95