sshd_config revision 127033
1217309Snwhitehorn# $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $ 2251843Sbapt# $FreeBSD: head/crypto/openssh/sshd_config 127033 2004-03-15 18:38:29Z des $ 3217309Snwhitehorn 4217309Snwhitehorn# This is the sshd server system-wide configuration file. See 5217309Snwhitehorn# sshd_config(5) for more information. 6217309Snwhitehorn 7217309Snwhitehorn# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 8217309Snwhitehorn 9217309Snwhitehorn# The strategy used for options in the default sshd_config shipped with 10217309Snwhitehorn# OpenSSH is to specify options with their default value where 11217309Snwhitehorn# possible, but leave them commented. Uncommented options change a 12217309Snwhitehorn# default value. 13217309Snwhitehorn 14217309Snwhitehorn# Note that some of FreeBSD's defaults differ from OpenBSD's, and 15217309Snwhitehorn# FreeBSD has a few additional options. 16217309Snwhitehorn 17217309Snwhitehorn#VersionAddendum FreeBSD-20040226 18217309Snwhitehorn 19217309Snwhitehorn#Port 22 20217309Snwhitehorn#Protocol 2 21217309Snwhitehorn#ListenAddress 0.0.0.0 22217309Snwhitehorn#ListenAddress :: 23217309Snwhitehorn 24217309Snwhitehorn# HostKey for protocol version 1 25217309Snwhitehorn#HostKey /etc/ssh/ssh_host_key 26217309Snwhitehorn# HostKeys for protocol version 2 27217309Snwhitehorn#HostKey /etc/ssh/ssh_host_dsa_key 28217309Snwhitehorn 29217309Snwhitehorn# Lifetime and size of ephemeral version 1 server key 30217309Snwhitehorn#KeyRegenerationInterval 1h 31217309Snwhitehorn#ServerKeyBits 768 32217309Snwhitehorn 33217309Snwhitehorn# Logging 34217309Snwhitehorn#obsoletes QuietMode and FascistLogging 35217309Snwhitehorn#SyslogFacility AUTH 36217309Snwhitehorn#LogLevel INFO 37217309Snwhitehorn 38217309Snwhitehorn# Authentication: 39217309Snwhitehorn 40217309Snwhitehorn#LoginGraceTime 2m 41217309Snwhitehorn#PermitRootLogin no 42217309Snwhitehorn#StrictModes yes 43217309Snwhitehorn 44217309Snwhitehorn#RSAAuthentication yes 45217309Snwhitehorn#PubkeyAuthentication yes 46217309Snwhitehorn#AuthorizedKeysFile .ssh/authorized_keys 47217309Snwhitehorn 48217309Snwhitehorn# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 49217309Snwhitehorn#RhostsRSAAuthentication no 50217309Snwhitehorn# similar for protocol version 2 51217309Snwhitehorn#HostbasedAuthentication no 52217309Snwhitehorn# Change to yes if you don't trust ~/.ssh/known_hosts for 53217309Snwhitehorn# RhostsRSAAuthentication and HostbasedAuthentication 54217309Snwhitehorn#IgnoreUserKnownHosts no 55217309Snwhitehorn# Don't read the user's ~/.rhosts and ~/.shosts files 56217309Snwhitehorn#IgnoreRhosts yes 57217309Snwhitehorn 58217309Snwhitehorn# Change to yes to enable built-in password authentication. 59217309Snwhitehorn#PasswordAuthentication no 60217309Snwhitehorn#PermitEmptyPasswords no 61217309Snwhitehorn 62217309Snwhitehorn# Change to no to disable PAM authentication 63217309Snwhitehorn#ChallengeResponseAuthentication yes 64217309Snwhitehorn 65217309Snwhitehorn# Kerberos options 66251843Sbapt#KerberosAuthentication no 67251843Sbapt#KerberosOrLocalPasswd yes 68217309Snwhitehorn#KerberosTicketCleanup yes 69217309Snwhitehorn#KerberosGetAFSToken no 70217309Snwhitehorn 71217309Snwhitehorn# GSSAPI options 72217309Snwhitehorn#GSSAPIAuthentication no 73217309Snwhitehorn#GSSAPICleanupCredentials yes 74217309Snwhitehorn 75217309Snwhitehorn# Set this to 'no' to disable PAM authentication (via challenge-response) 76217309Snwhitehorn# and session processing. 77217309Snwhitehorn#UsePAM yes 78217309Snwhitehorn 79217309Snwhitehorn#AllowTcpForwarding yes 80#GatewayPorts no 81#X11Forwarding yes 82#X11DisplayOffset 10 83#X11UseLocalhost yes 84#PrintMotd yes 85#PrintLastLog yes 86#TCPKeepAlive yes 87#UseLogin no 88#UsePrivilegeSeparation yes 89#PermitUserEnvironment no 90#Compression yes 91#ClientAliveInterval 0 92#ClientAliveCountMax 3 93#UseDNS yes 94#PidFile /var/run/sshd.pid 95#MaxStartups 10 96 97# no default banner path 98#Banner /some/path 99 100# override default of no subsystems 101Subsystem sftp /usr/libexec/sftp-server 102