sshd_config revision 126277 
1#	$OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
2#	$FreeBSD: head/crypto/openssh/sshd_config 126277 2004-02-26 10:52:33Z des $
3
4# This is the sshd server system-wide configuration file.  See
5# sshd_config(5) for more information.
6
7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
8
9# The strategy used for options in the default sshd_config shipped with
10# OpenSSH is to specify options with their default value where
11# possible, but leave them commented.  Uncommented options change a
12# default value.
13
14# Note that some of FreeBSD's defaults differ from OpenBSD's, and
15# FreeBSD has a few additional options.
16
17#VersionAddendum FreeBSD-20040106
18
19#Port 22
20#Protocol 2
21#ListenAddress 0.0.0.0
22#ListenAddress ::
23
24# HostKey for protocol version 1
25#HostKey /etc/ssh/ssh_host_key
26# HostKeys for protocol version 2
27#HostKey /etc/ssh/ssh_host_dsa_key
28
29# Lifetime and size of ephemeral version 1 server key
30#KeyRegenerationInterval 1h
31#ServerKeyBits 768
32
33# Logging
34#obsoletes QuietMode and FascistLogging
35#SyslogFacility AUTH
36#LogLevel INFO
37
38# Authentication:
39
40#LoginGraceTime 2m
41#PermitRootLogin no
42#StrictModes yes
43
44#RSAAuthentication yes
45#PubkeyAuthentication yes
46#AuthorizedKeysFile	.ssh/authorized_keys
47
48# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
49#RhostsRSAAuthentication no
50# similar for protocol version 2
51#HostbasedAuthentication no
52# Change to yes if you don't trust ~/.ssh/known_hosts for
53# RhostsRSAAuthentication and HostbasedAuthentication
54#IgnoreUserKnownHosts no
55# Don't read the user's ~/.rhosts and ~/.shosts files
56#IgnoreRhosts yes
57
58# Change to yes to enable built-in password authentication.
59#PasswordAuthentication no
60#PermitEmptyPasswords no
61
62# Change to no to disable PAM authentication
63#ChallengeResponseAuthentication yes
64
65# Kerberos options
66#KerberosAuthentication no
67#KerberosOrLocalPasswd yes
68#KerberosTicketCleanup yes
69#KerberosGetAFSToken no
70
71# GSSAPI options
72#GSSAPIAuthentication no
73#GSSAPICleanupCredentials yes
74
75# Set this to 'yes' to enable PAM authentication (via challenge-response)
76# and session processing. Depending on your PAM configuration, this may
77# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
78#UsePAM no
79
80#AllowTcpForwarding yes
81#GatewayPorts no
82#X11Forwarding yes
83#X11DisplayOffset 10
84#X11UseLocalhost yes
85#PrintMotd yes
86#PrintLastLog yes
87#TCPKeepAlive yes
88#UseLogin no
89#UsePrivilegeSeparation yes
90#PermitUserEnvironment no
91#Compression yes
92#ClientAliveInterval 0
93#ClientAliveCountMax 3
94#UseDNS yes
95#PidFile /var/run/sshd.pid
96#MaxStartups 10
97
98# no default banner path
99#Banner /some/path
100
101# override default of no subsystems
102Subsystem	sftp	/usr/libexec/sftp-server
103