sshd_config revision 98941
1179193Sjb# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $ 2179193Sjb 3179193Sjb# This is the sshd server system-wide configuration file. See 4179193Sjb# sshd_config(5) for more information. 5179193Sjb 6179193Sjb# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 7179193Sjb 8179193Sjb# The strategy used for options in the default sshd_config shipped with 9179193Sjb# OpenSSH is to specify options with their default value where 10179193Sjb# possible, but leave them commented. Uncommented options change a 11179193Sjb# default value. 12179193Sjb 13179193Sjb#Port 22 14179193Sjb#Protocol 2,1 15179193Sjb#ListenAddress 0.0.0.0 16179193Sjb#ListenAddress :: 17179193Sjb 18179193Sjb# HostKey for protocol version 1 19179193Sjb#HostKey /etc/ssh/ssh_host_key 20211738Srpaulo# HostKeys for protocol version 2 21211738Srpaulo#HostKey /etc/ssh/ssh_host_rsa_key 22211738Srpaulo#HostKey /etc/ssh/ssh_host_dsa_key 23211738Srpaulo 24179193Sjb# Lifetime and size of ephemeral version 1 server key 25179193Sjb#KeyRegenerationInterval 3600 26179193Sjb#ServerKeyBits 768 27179198Sjb 28179193Sjb# Logging 29179193Sjb#obsoletes QuietMode and FascistLogging 30179193Sjb#SyslogFacility AUTH 31211738Srpaulo#LogLevel INFO 32179193Sjb 33211738Srpaulo# Authentication: 34179193Sjb 35179193Sjb#LoginGraceTime 600 36179193Sjb#PermitRootLogin yes 37179193Sjb#StrictModes yes 38179193Sjb 39179193Sjb#RSAAuthentication yes 40179193Sjb#PubkeyAuthentication yes 41211738Srpaulo#AuthorizedKeysFile .ssh/authorized_keys 42179193Sjb 43211738Srpaulo# rhosts authentication should not be used 44179193Sjb#RhostsAuthentication no 45179193Sjb# Don't read the user's ~/.rhosts and ~/.shosts files 46179193Sjb#IgnoreRhosts yes 47211738Srpaulo# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 48179193Sjb#RhostsRSAAuthentication no 49211738Srpaulo# similar for protocol version 2 50179193Sjb#HostbasedAuthentication no 51179193Sjb# Change to yes if you don't trust ~/.ssh/known_hosts for 52179193Sjb# RhostsRSAAuthentication and HostbasedAuthentication 53179193Sjb#IgnoreUserKnownHosts no 54179193Sjb 55179193Sjb# To disable tunneled clear text passwords, change to no here! 56179193Sjb#PasswordAuthentication yes 57179193Sjb#PermitEmptyPasswords no 58211738Srpaulo 59179193Sjb# Change to no to disable s/key passwords 60211738Srpaulo#ChallengeResponseAuthentication yes 61211738Srpaulo 62211738Srpaulo# Kerberos options 63211738Srpaulo#KerberosAuthentication no 64211738Srpaulo#KerberosOrLocalPasswd yes 65211738Srpaulo#KerberosTicketCleanup yes 66211738Srpaulo 67211738Srpaulo#AFSTokenPassing no 68179193Sjb 69179193Sjb# Kerberos TGT Passing only works with the AFS kaserver 70179193Sjb#KerberosTgtPassing no 71179193Sjb 72179193Sjb# Set this to 'yes' to enable PAM keyboard-interactive authentication 73179193Sjb# Warning: enabling this may bypass the setting of 'PasswordAuthentication' 74179193Sjb#PAMAuthenticationViaKbdInt yes 75179193Sjb 76179193Sjb#X11Forwarding no 77179193Sjb#X11DisplayOffset 10 78179193Sjb#X11UseLocalhost yes 79179193Sjb#PrintMotd yes 80179193Sjb#PrintLastLog yes 81179193Sjb#KeepAlive yes 82179193Sjb#UseLogin no 83179193Sjb#UsePrivilegeSeparation yes 84179193Sjb#Compression yes 85179193Sjb 86179193Sjb#MaxStartups 10 87179193Sjb# no default banner path 88179193Sjb#Banner /some/path 89179193Sjb#VerifyReverseMapping no 90179193Sjb 91179193Sjb# override default of no subsystems 92179193SjbSubsystem sftp /usr/libexec/sftp-server 93179193Sjb