sshd_config revision 197679 
1#	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
2#	$FreeBSD: head/crypto/openssh/sshd_config 197679 2009-10-01 17:12:52Z des $
3
4# This is the sshd server system-wide configuration file.  See
5# sshd_config(5) for more information.
6
7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
8
9# The strategy used for options in the default sshd_config shipped with
10# OpenSSH is to specify options with their default value where
11# possible, but leave them commented.  Uncommented options change a
12# default value.
13
14# Note that some of FreeBSD's defaults differ from OpenBSD's, and
15# FreeBSD has a few additional options.
16
17#VersionAddendum FreeBSD-20091001
18
19#Port 22
20#Protocol 2
21#AddressFamily any
22#ListenAddress 0.0.0.0
23#ListenAddress ::
24
25# Disable legacy (protocol version 1) support in the server for new
26# installations. In future the default will change to require explicit
27# activation of protocol 1
28Protocol 2
29
30# HostKey for protocol version 1
31#HostKey /etc/ssh/ssh_host_key
32# HostKeys for protocol version 2
33#HostKey /etc/ssh/ssh_host_rsa_key
34#HostKey /etc/ssh/ssh_host_dsa_key
35
36# Lifetime and size of ephemeral version 1 server key
37#KeyRegenerationInterval 1h
38#ServerKeyBits 1024
39
40# Logging
41# obsoletes QuietMode and FascistLogging
42#SyslogFacility AUTH
43#LogLevel INFO
44
45# Authentication:
46
47#LoginGraceTime 2m
48#PermitRootLogin no
49#StrictModes yes
50#MaxAuthTries 6
51#MaxSessions 10
52
53#RSAAuthentication yes
54#PubkeyAuthentication yes
55#AuthorizedKeysFile	.ssh/authorized_keys
56
57# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
58#RhostsRSAAuthentication no
59# similar for protocol version 2
60#HostbasedAuthentication no
61# Change to yes if you don't trust ~/.ssh/known_hosts for
62# RhostsRSAAuthentication and HostbasedAuthentication
63#IgnoreUserKnownHosts no
64# Don't read the user's ~/.rhosts and ~/.shosts files
65#IgnoreRhosts yes
66
67# Change to yes to enable built-in password authentication.
68#PasswordAuthentication no
69#PermitEmptyPasswords no
70
71# Change to no to disable PAM authentication
72#ChallengeResponseAuthentication yes
73
74# Kerberos options
75#KerberosAuthentication no
76#KerberosOrLocalPasswd yes
77#KerberosTicketCleanup yes
78#KerberosGetAFSToken no
79
80# GSSAPI options
81#GSSAPIAuthentication no
82#GSSAPICleanupCredentials yes
83
84# Set this to 'no' to disable PAM authentication, account processing,
85# and session processing. If this is enabled, PAM authentication will 
86# be allowed through the ChallengeResponseAuthentication and
87# PasswordAuthentication.  Depending on your PAM configuration,
88# PAM authentication via ChallengeResponseAuthentication may bypass
89# the setting of "PermitRootLogin without-password".
90# If you just want the PAM account and session checks to run without
91# PAM authentication, then enable this but set PasswordAuthentication
92# and ChallengeResponseAuthentication to 'no'.
93#UsePAM yes
94
95#AllowAgentForwarding yes
96#AllowTcpForwarding yes
97#GatewayPorts no
98#X11Forwarding yes
99#X11DisplayOffset 10
100#X11UseLocalhost yes
101#PrintMotd yes
102#PrintLastLog yes
103#TCPKeepAlive yes
104#UseLogin no
105#UsePrivilegeSeparation yes
106#PermitUserEnvironment no
107#Compression delayed
108#ClientAliveInterval 0
109#ClientAliveCountMax 3
110#UseDNS yes
111#PidFile /var/run/sshd.pid
112#MaxStartups 10
113#PermitTunnel no
114#ChrootDirectory none
115
116# no default banner path
117#Banner none
118
119# override default of no subsystems
120Subsystem	sftp	/usr/libexec/sftp-server
121
122# Example of overriding settings on a per-user basis
123#Match User anoncvs
124#	X11Forwarding no
125#	AllowTcpForwarding no
126#	ForceCommand cvs server
127