sshd_config revision 197957
1#	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
2#	$FreeBSD: head/crypto/openssh/sshd_config 197957 2009-10-11 14:27:33Z des $
3
4# This is the sshd server system-wide configuration file.  See
5# sshd_config(5) for more information.
6
7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
8
9# The strategy used for options in the default sshd_config shipped with
10# OpenSSH is to specify options with their default value where
11# possible, but leave them commented.  Uncommented options change a
12# default value.
13
14# Note that some of FreeBSD's defaults differ from OpenBSD's, and
15# FreeBSD has a few additional options.
16
17#VersionAddendum FreeBSD-20091001
18
19#Port 22
20#AddressFamily any
21#ListenAddress 0.0.0.0
22#ListenAddress ::
23
24# Disable legacy (protocol version 1) support in the server for new
25# installations. In future the default will change to require explicit
26# activation of protocol 1.
27Protocol 2
28
29# HostKey for protocol version 1
30#HostKey /etc/ssh/ssh_host_key
31# HostKeys for protocol version 2
32#HostKey /etc/ssh/ssh_host_rsa_key
33#HostKey /etc/ssh/ssh_host_dsa_key
34
35# Lifetime and size of ephemeral version 1 server key
36#KeyRegenerationInterval 1h
37#ServerKeyBits 1024
38
39# Logging
40# obsoletes QuietMode and FascistLogging
41#SyslogFacility AUTH
42#LogLevel INFO
43
44# Authentication:
45
46#LoginGraceTime 2m
47#PermitRootLogin no
48#StrictModes yes
49#MaxAuthTries 6
50#MaxSessions 10
51
52#RSAAuthentication yes
53#PubkeyAuthentication yes
54#AuthorizedKeysFile	.ssh/authorized_keys
55
56# For RhostsRSAAuthentication to work you will also need host keys in /etc/ssh/ssh_known_hosts
57#RhostsRSAAuthentication no
58# similar for protocol version 2
59#HostbasedAuthentication no
60# Change to yes if you don't trust ~/.ssh/known_hosts for
61# RhostsRSAAuthentication and HostbasedAuthentication
62#IgnoreUserKnownHosts no
63# Don't read the user's ~/.rhosts and ~/.shosts files
64#IgnoreRhosts yes
65
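66# Change to yes to enable built-in password authentication.  While UsePAM and ChallengeResponseAuthentication are both yes, PAM authentication remains available even when this is no.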
67#PasswordAuthentication no
68#PermitEmptyPasswords no
69
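70# Change to no to disable PAM authentication through challenge-response (PAM authentication through PasswordAuthentication is controlled separately)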
71#ChallengeResponseAuthentication yes
72
73# Kerberos options
74#KerberosAuthentication no
75#KerberosOrLocalPasswd yes
76#KerberosTicketCleanup yes
77#KerberosGetAFSToken no
78
79# GSSAPI options
80#GSSAPIAuthentication no
81#GSSAPICleanupCredentials yes
82
83# Set this to 'no' to disable PAM authentication, account processing,
84# and session processing. If this is enabled, PAM authentication will 
85# be allowed through the ChallengeResponseAuthentication and
86# PasswordAuthentication.  Depending on your PAM configuration,
87# PAM authentication via ChallengeResponseAuthentication may bypass
88# the setting of "PermitRootLogin without-password", so root may still be able to authenticate through PAM.
89# If you just want the PAM account and session checks to run without
90# PAM authentication, then enable this but set PasswordAuthentication
91# and ChallengeResponseAuthentication to 'no'.
92#UsePAM yes
93
94#AllowAgentForwarding yes
95#AllowTcpForwarding yes
96#GatewayPorts no
97#X11Forwarding yes
98#X11DisplayOffset 10
99#X11UseLocalhost yes
100#PrintMotd yes
101#PrintLastLog yes
102#TCPKeepAlive yes
103#UseLogin no
104#UsePrivilegeSeparation yes
105#PermitUserEnvironment no
106#Compression delayed
107#ClientAliveInterval 0
108#ClientAliveCountMax 3
109#UseDNS yes
110#PidFile /var/run/sshd.pid
111#MaxStartups 10
112#PermitTunnel no
113#ChrootDirectory none
114
115# no default banner path
116#Banner none
117
118# override default of no subsystems
119Subsystem	sftp	/usr/libexec/sftp-server
120
121# Example of overriding settings on a per-user basis
122#Match User anoncvs
123#	X11Forwarding no
124#	AllowTcpForwarding no
125#	ForceCommand cvs server
126