sshd_config revision 127033 
1217309Snwhitehorn#	$OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
2251843Sbapt#	$FreeBSD: head/crypto/openssh/sshd_config 127033 2004-03-15 18:38:29Z des $
3217309Snwhitehorn
4217309Snwhitehorn# This is the sshd server system-wide configuration file.  See
5217309Snwhitehorn# sshd_config(5) for more information.
6217309Snwhitehorn
7217309Snwhitehorn# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
8217309Snwhitehorn
9217309Snwhitehorn# The strategy used for options in the default sshd_config shipped with
10217309Snwhitehorn# OpenSSH is to specify options with their default value where
11217309Snwhitehorn# possible, but leave them commented.  Uncommented options change a
12217309Snwhitehorn# default value.
13217309Snwhitehorn
14217309Snwhitehorn# Note that some of FreeBSD's defaults differ from OpenBSD's, and
15217309Snwhitehorn# FreeBSD has a few additional options.
16217309Snwhitehorn
17217309Snwhitehorn#VersionAddendum FreeBSD-20040226
18217309Snwhitehorn
19217309Snwhitehorn#Port 22
20217309Snwhitehorn#Protocol 2
21217309Snwhitehorn#ListenAddress 0.0.0.0
22217309Snwhitehorn#ListenAddress ::
23217309Snwhitehorn
24217309Snwhitehorn# HostKey for protocol version 1
25217309Snwhitehorn#HostKey /etc/ssh/ssh_host_key
26217309Snwhitehorn# HostKeys for protocol version 2
27217309Snwhitehorn#HostKey /etc/ssh/ssh_host_dsa_key
28217309Snwhitehorn
29217309Snwhitehorn# Lifetime and size of ephemeral version 1 server key
30217309Snwhitehorn#KeyRegenerationInterval 1h
31217309Snwhitehorn#ServerKeyBits 768
32217309Snwhitehorn
33217309Snwhitehorn# Logging
34217309Snwhitehorn#obsoletes QuietMode and FascistLogging
35217309Snwhitehorn#SyslogFacility AUTH
36217309Snwhitehorn#LogLevel INFO
37217309Snwhitehorn
38217309Snwhitehorn# Authentication:
39217309Snwhitehorn
40217309Snwhitehorn#LoginGraceTime 2m
41217309Snwhitehorn#PermitRootLogin no
42217309Snwhitehorn#StrictModes yes
43217309Snwhitehorn
44217309Snwhitehorn#RSAAuthentication yes
45217309Snwhitehorn#PubkeyAuthentication yes
46217309Snwhitehorn#AuthorizedKeysFile	.ssh/authorized_keys
47217309Snwhitehorn
48217309Snwhitehorn# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
49217309Snwhitehorn#RhostsRSAAuthentication no
50217309Snwhitehorn# similar for protocol version 2
51217309Snwhitehorn#HostbasedAuthentication no
52217309Snwhitehorn# Change to yes if you don't trust ~/.ssh/known_hosts for
53217309Snwhitehorn# RhostsRSAAuthentication and HostbasedAuthentication
54217309Snwhitehorn#IgnoreUserKnownHosts no
55217309Snwhitehorn# Don't read the user's ~/.rhosts and ~/.shosts files
56217309Snwhitehorn#IgnoreRhosts yes
57217309Snwhitehorn
58217309Snwhitehorn# Change to yes to enable built-in password authentication.
59217309Snwhitehorn#PasswordAuthentication no
60217309Snwhitehorn#PermitEmptyPasswords no
61217309Snwhitehorn
62217309Snwhitehorn# Change to no to disable PAM authentication
63217309Snwhitehorn#ChallengeResponseAuthentication yes
64217309Snwhitehorn
65217309Snwhitehorn# Kerberos options
66251843Sbapt#KerberosAuthentication no
67251843Sbapt#KerberosOrLocalPasswd yes
68217309Snwhitehorn#KerberosTicketCleanup yes
69217309Snwhitehorn#KerberosGetAFSToken no
70217309Snwhitehorn
71217309Snwhitehorn# GSSAPI options
72217309Snwhitehorn#GSSAPIAuthentication no
73217309Snwhitehorn#GSSAPICleanupCredentials yes
74217309Snwhitehorn
75217309Snwhitehorn# Set this to 'no' to disable PAM authentication (via challenge-response)
76217309Snwhitehorn# and session processing.
77217309Snwhitehorn#UsePAM yes
78217309Snwhitehorn
79217309Snwhitehorn#AllowTcpForwarding yes
80#GatewayPorts no
81#X11Forwarding yes
82#X11DisplayOffset 10
83#X11UseLocalhost yes
84#PrintMotd yes
85#PrintLastLog yes
86#TCPKeepAlive yes
87#UseLogin no
88#UsePrivilegeSeparation yes
89#PermitUserEnvironment no
90#Compression yes
91#ClientAliveInterval 0
92#ClientAliveCountMax 3
93#UseDNS yes
94#PidFile /var/run/sshd.pid
95#MaxStartups 10
96
97# no default banner path
98#Banner /some/path
99
100# override default of no subsystems
101Subsystem	sftp	/usr/libexec/sftp-server
102