sshd_config revision 98941 
1179193Sjb#	$OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
2179193Sjb
3179193Sjb# This is the sshd server system-wide configuration file.  See
4179193Sjb# sshd_config(5) for more information.
5179193Sjb
6179193Sjb# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
7179193Sjb
8179193Sjb# The strategy used for options in the default sshd_config shipped with
9179193Sjb# OpenSSH is to specify options with their default value where
10179193Sjb# possible, but leave them commented.  Uncommented options change a
11179193Sjb# default value.
12179193Sjb
13179193Sjb#Port 22
14179193Sjb#Protocol 2,1
15179193Sjb#ListenAddress 0.0.0.0
16179193Sjb#ListenAddress ::
17179193Sjb
18179193Sjb# HostKey for protocol version 1
19179193Sjb#HostKey /etc/ssh/ssh_host_key
20211738Srpaulo# HostKeys for protocol version 2
21211738Srpaulo#HostKey /etc/ssh/ssh_host_rsa_key
22211738Srpaulo#HostKey /etc/ssh/ssh_host_dsa_key
23211738Srpaulo
24179193Sjb# Lifetime and size of ephemeral version 1 server key
25179193Sjb#KeyRegenerationInterval 3600
26179193Sjb#ServerKeyBits 768
27179198Sjb
28179193Sjb# Logging
29179193Sjb#obsoletes QuietMode and FascistLogging
30179193Sjb#SyslogFacility AUTH
31211738Srpaulo#LogLevel INFO
32179193Sjb
33211738Srpaulo# Authentication:
34179193Sjb
35179193Sjb#LoginGraceTime 600
36179193Sjb#PermitRootLogin yes
37179193Sjb#StrictModes yes
38179193Sjb
39179193Sjb#RSAAuthentication yes
40179193Sjb#PubkeyAuthentication yes
41211738Srpaulo#AuthorizedKeysFile	.ssh/authorized_keys
42179193Sjb
43211738Srpaulo# rhosts authentication should not be used
44179193Sjb#RhostsAuthentication no
45179193Sjb# Don't read the user's ~/.rhosts and ~/.shosts files
46179193Sjb#IgnoreRhosts yes
47211738Srpaulo# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
48179193Sjb#RhostsRSAAuthentication no
49211738Srpaulo# similar for protocol version 2
50179193Sjb#HostbasedAuthentication no
51179193Sjb# Change to yes if you don't trust ~/.ssh/known_hosts for
52179193Sjb# RhostsRSAAuthentication and HostbasedAuthentication
53179193Sjb#IgnoreUserKnownHosts no
54179193Sjb
55179193Sjb# To disable tunneled clear text passwords, change to no here!
56179193Sjb#PasswordAuthentication yes
57179193Sjb#PermitEmptyPasswords no
58211738Srpaulo
59179193Sjb# Change to no to disable s/key passwords
60211738Srpaulo#ChallengeResponseAuthentication yes
61211738Srpaulo
62211738Srpaulo# Kerberos options
63211738Srpaulo#KerberosAuthentication no
64211738Srpaulo#KerberosOrLocalPasswd yes
65211738Srpaulo#KerberosTicketCleanup yes
66211738Srpaulo
67211738Srpaulo#AFSTokenPassing no
68179193Sjb
69179193Sjb# Kerberos TGT Passing only works with the AFS kaserver
70179193Sjb#KerberosTgtPassing no
71179193Sjb
72179193Sjb# Set this to 'yes' to enable PAM keyboard-interactive authentication 
73179193Sjb# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
74179193Sjb#PAMAuthenticationViaKbdInt yes
75179193Sjb
76179193Sjb#X11Forwarding no
77179193Sjb#X11DisplayOffset 10
78179193Sjb#X11UseLocalhost yes
79179193Sjb#PrintMotd yes
80179193Sjb#PrintLastLog yes
81179193Sjb#KeepAlive yes
82179193Sjb#UseLogin no
83179193Sjb#UsePrivilegeSeparation yes
84179193Sjb#Compression yes
85179193Sjb
86179193Sjb#MaxStartups 10
87179193Sjb# no default banner path
88179193Sjb#Banner /some/path
89179193Sjb#VerifyReverseMapping no
90179193Sjb
91179193Sjb# override default of no subsystems
92179193SjbSubsystem	sftp	/usr/libexec/sftp-server
93179193Sjb