sshd_config revision 98941 
198684Sdes#	$OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
257429Smarkm
398684Sdes# This is the sshd server system-wide configuration file.  See
498684Sdes# sshd_config(5) for more information.
576262Sgreen
698941Sdes# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
798941Sdes
892559Sdes# The strategy used for options in the default sshd_config shipped with
992559Sdes# OpenSSH is to specify options with their default value where
1092559Sdes# possible, but leave them commented.  Uncommented options change a
1192559Sdes# default value.
1292559Sdes
1392559Sdes#Port 22
1460576Skris#Protocol 2,1
1557429Smarkm#ListenAddress 0.0.0.0
1657429Smarkm#ListenAddress ::
1769591Sgreen
1892559Sdes# HostKey for protocol version 1
1992559Sdes#HostKey /etc/ssh/ssh_host_key
2092559Sdes# HostKeys for protocol version 2
2192559Sdes#HostKey /etc/ssh/ssh_host_rsa_key
2292559Sdes#HostKey /etc/ssh/ssh_host_dsa_key
2357429Smarkm
2492559Sdes# Lifetime and size of ephemeral version 1 server key
2592559Sdes#KeyRegenerationInterval 3600
2692559Sdes#ServerKeyBits 768
2792559Sdes
2857429Smarkm# Logging
2957429Smarkm#obsoletes QuietMode and FascistLogging
3092559Sdes#SyslogFacility AUTH
3192559Sdes#LogLevel INFO
3257429Smarkm
3392559Sdes# Authentication:
3492559Sdes
3598941Sdes#LoginGraceTime 600
3698941Sdes#PermitRootLogin yes
3792559Sdes#StrictModes yes
3892559Sdes
3992559Sdes#RSAAuthentication yes
4092559Sdes#PubkeyAuthentication yes
4192559Sdes#AuthorizedKeysFile	.ssh/authorized_keys
4292559Sdes
4392559Sdes# rhosts authentication should not be used
4492559Sdes#RhostsAuthentication no
4592559Sdes# Don't read the user's ~/.rhosts and ~/.shosts files
4692559Sdes#IgnoreRhosts yes
4792559Sdes# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
4892559Sdes#RhostsRSAAuthentication no
4976262Sgreen# similar for protocol version 2
5092559Sdes#HostbasedAuthentication no
5192559Sdes# Change to yes if you don't trust ~/.ssh/known_hosts for
5292559Sdes# RhostsRSAAuthentication and HostbasedAuthentication
5392559Sdes#IgnoreUserKnownHosts no
5457429Smarkm
5557429Smarkm# To disable tunneled clear text passwords, change to no here!
5692559Sdes#PasswordAuthentication yes
5792559Sdes#PermitEmptyPasswords no
5876262Sgreen
5995456Sdes# Change to no to disable s/key passwords
6095456Sdes#ChallengeResponseAuthentication yes
6157429Smarkm
6292559Sdes# Kerberos options
6398684Sdes#KerberosAuthentication no
6457429Smarkm#KerberosOrLocalPasswd yes
6592559Sdes#KerberosTicketCleanup yes
6657429Smarkm
6798684Sdes#AFSTokenPassing no
6857429Smarkm
6992559Sdes# Kerberos TGT Passing only works with the AFS kaserver
7092559Sdes#KerberosTgtPassing no
7192559Sdes
7298941Sdes# Set this to 'yes' to enable PAM keyboard-interactive authentication 
7398941Sdes# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
7498941Sdes#PAMAuthenticationViaKbdInt yes
7598941Sdes
7698941Sdes#X11Forwarding no
7792559Sdes#X11DisplayOffset 10
7892559Sdes#X11UseLocalhost yes
7992559Sdes#PrintMotd yes
8092559Sdes#PrintLastLog yes
8192559Sdes#KeepAlive yes
8257429Smarkm#UseLogin no
8398941Sdes#UsePrivilegeSeparation yes
8498684Sdes#Compression yes
8565674Skris
8692559Sdes#MaxStartups 10
8792559Sdes# no default banner path
8892559Sdes#Banner /some/path
8992559Sdes#VerifyReverseMapping no
9076262Sgreen
9192559Sdes# override default of no subsystems
9276262SgreenSubsystem	sftp	/usr/libexec/sftp-server
93