sshd_config revision 323129
#	$OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $
#	$FreeBSD: stable/11/crypto/openssh/sshd_config 323129 2017-09-02 14:25:20Z des $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#UseBlacklist no
#VersionAddendum FreeBSD-20170902

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server
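
The UsePAM comment in this file describes two interactions: PAM authentication is reachable through ChallengeResponseAuthentication and PasswordAuthentication, and the challenge-response path may bypass "PermitRootLogin without-password". The Python check below is an added example, not part of the FreeBSD or OpenSSH source. Its function names and finding labels are hypothetical, its defaults are the commented values shown in this file, and it evaluates global settings only (Match blocks are not evaluated).

```python
import re

# Defaults are the commented values in the sshd_config shown above.
DEFAULTS = {
    "usepam": "yes",
    "challengeresponseauthentication": "yes",
    "passwordauthentication": "no",
    "permitrootlogin": "no",
}
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.+)$")

def effective(config_text):
    """Return global settings; sshd uses the first value seen per keyword."""
    cfg = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"').lower()
        if key == "match":  # simplification: Match blocks are not evaluated
            break
        cfg.setdefault(key, value)
    return {k: cfg.get(k, d) for k, d in DEFAULTS.items()}

def audit(config_text):
    """Flag the PAM interactions described in the UsePAM comment."""
    cfg = effective(config_text)
    findings = []
    if cfg["usepam"] != "yes":
        return findings
    for key in ("challengeresponseauthentication", "passwordauthentication"):
        if cfg[key] == "yes":
            findings.append("pam-auth-via-" + key)
    if (cfg["challengeresponseauthentication"] == "yes"
            and cfg["permitrootlogin"] in ("without-password", "prohibit-password")):
        findings.append("root-login-via-pam-challenge-response")
    return findings

# Constructed sample inputs (not taken from any real host).
RISKY = "PermitRootLogin without-password\n#UsePAM yes\n"
CHECKS_ONLY = ("UsePAM yes\nPasswordAuthentication no\n"
               "ChallengeResponseAuthentication no\n"
               "PermitRootLogin without-password\n")

if __name__ == "__main__":
    print(audit(RISKY))
    print(audit(CHECKS_ONLY))
```

CHECKS_ONLY is the arrangement the comment recommends when only the PAM account and session checks are wanted, so it produces no findings.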