sshd_config revision 98941
198684Sdes# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $ 257429Smarkm 398684Sdes# This is the sshd server system-wide configuration file. See 498684Sdes# sshd_config(5) for more information. 576262Sgreen 698941Sdes# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 798941Sdes 892559Sdes# The strategy used for options in the default sshd_config shipped with 992559Sdes# OpenSSH is to specify options with their default value where 1092559Sdes# possible, but leave them commented. Uncommented options change a 1192559Sdes# default value. 1292559Sdes 1392559Sdes#Port 22 1460576Skris#Protocol 2,1 1557429Smarkm#ListenAddress 0.0.0.0 1657429Smarkm#ListenAddress :: 1769591Sgreen 1892559Sdes# HostKey for protocol version 1 1992559Sdes#HostKey /etc/ssh/ssh_host_key 2092559Sdes# HostKeys for protocol version 2 2192559Sdes#HostKey /etc/ssh/ssh_host_rsa_key 2292559Sdes#HostKey /etc/ssh/ssh_host_dsa_key 2357429Smarkm 2492559Sdes# Lifetime and size of ephemeral version 1 server key 2592559Sdes#KeyRegenerationInterval 3600 2692559Sdes#ServerKeyBits 768 2792559Sdes 2857429Smarkm# Logging 2957429Smarkm#obsoletes QuietMode and FascistLogging 3092559Sdes#SyslogFacility AUTH 3192559Sdes#LogLevel INFO 3257429Smarkm 3392559Sdes# Authentication: 3492559Sdes 3598941Sdes#LoginGraceTime 600 3698941Sdes#PermitRootLogin yes 3792559Sdes#StrictModes yes 3892559Sdes 3992559Sdes#RSAAuthentication yes 4092559Sdes#PubkeyAuthentication yes 4192559Sdes#AuthorizedKeysFile .ssh/authorized_keys 4292559Sdes 4392559Sdes# rhosts authentication should not be used 4492559Sdes#RhostsAuthentication no 4592559Sdes# Don't read the user's ~/.rhosts and ~/.shosts files 4692559Sdes#IgnoreRhosts yes 4792559Sdes# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 4892559Sdes#RhostsRSAAuthentication no 4976262Sgreen# similar for protocol version 2 5092559Sdes#HostbasedAuthentication no 5192559Sdes# Change to yes if you don't trust ~/.ssh/known_hosts for 5292559Sdes# RhostsRSAAuthentication and HostbasedAuthentication 5392559Sdes#IgnoreUserKnownHosts no 5457429Smarkm 5557429Smarkm# To disable tunneled clear text passwords, change to no here! 5692559Sdes#PasswordAuthentication yes 5792559Sdes#PermitEmptyPasswords no 5876262Sgreen 5995456Sdes# Change to no to disable s/key passwords 6095456Sdes#ChallengeResponseAuthentication yes 6157429Smarkm 6292559Sdes# Kerberos options 6398684Sdes#KerberosAuthentication no 6457429Smarkm#KerberosOrLocalPasswd yes 6592559Sdes#KerberosTicketCleanup yes 6657429Smarkm 6798684Sdes#AFSTokenPassing no 6857429Smarkm 6992559Sdes# Kerberos TGT Passing only works with the AFS kaserver 7092559Sdes#KerberosTgtPassing no 7192559Sdes 7298941Sdes# Set this to 'yes' to enable PAM keyboard-interactive authentication 7398941Sdes# Warning: enabling this may bypass the setting of 'PasswordAuthentication' 7498941Sdes#PAMAuthenticationViaKbdInt yes 7598941Sdes 7698941Sdes#X11Forwarding no 7792559Sdes#X11DisplayOffset 10 7892559Sdes#X11UseLocalhost yes 7992559Sdes#PrintMotd yes 8092559Sdes#PrintLastLog yes 8192559Sdes#KeepAlive yes 8257429Smarkm#UseLogin no 8398941Sdes#UsePrivilegeSeparation yes 8498684Sdes#Compression yes 8565674Skris 8692559Sdes#MaxStartups 10 8792559Sdes# no default banner path 8892559Sdes#Banner /some/path 8992559Sdes#VerifyReverseMapping no 9076262Sgreen 9192559Sdes# override default of no subsystems 9276262SgreenSubsystem sftp /usr/libexec/sftp-server 93