# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
#
# Format: one keyword and its arguments per line; lines starting with
# '#' are comments. For each keyword sshd uses the first value it
# obtains, so a later occurrence of the same keyword does not override
# an earlier one.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#
# The only active (uncommented) keywords in this file are
# PermitRootLogin, RhostsRSAAuthentication, HostbasedAuthentication,
# IgnoreRhosts, PasswordAuthentication, ChallengeResponseAuthentication
# and Subsystem. Everything else documents a built-in default.

# Note that some of DragonFly's defaults differ from OpenBSD's, and
# DragonFly has a few additional options.

#VersionAddendum DragonFly-20110408

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1.
# Protocol 1 is the legacy protocol version; leave it off unless an old
# client strictly requires it.
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
# (only relevant when protocol 1 has been activated)
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
# The DEBUG levels log enough detail to violate user privacy and are
# not recommended for normal operation (see sshd_config(5)).
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
# Only allow root logins via public key pair.
# "without-password" does not mean "root may log in with no password":
# it turns password authentication off for root. Challenge-response
# authentication through PAM is a separate path; see the UsePAM note
# further down.
PermitRootLogin without-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

# RSAAuthentication applies to protocol version 1 only;
# PubkeyAuthentication is the protocol version 2 setting.
#RSAAuthentication yes
#PubkeyAuthentication yes
# NOTE(review): PermitBlacklistedKeys is not a stock OpenBSD keyword; it
# presumably comes from the compromised-key blacklist patch. Confirm
# against this build's sshd_config(5) before changing it from no.
#PermitBlacklistedKeys no
#AuthorizedKeysFile .ssh/authorized_keys

# Host-based methods accept the client host's word for who the user is.
# Both are explicitly switched off here.
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
# We disable cleartext passwords by default.
# With this set to no, an account needs a working key in its
# AuthorizedKeysFile before it can log in over ssh. Verify key login
# from a second session before closing the one used to edit this file.
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key and tunneled clear-text passwords
# when PAM is enabled. We disable this by default. Note that
# PAM is also disabled by default.
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#
# In other words: if UsePAM is ever switched to yes, re-check that
# PasswordAuthentication and ChallengeResponseAuthentication above are
# still no, otherwise the key-only policy for root may no longer hold.
#UsePAM no

# Defaults for forwarding, session and connection handling in this
# build. Agent, TCP and X11 forwarding are all enabled by default here.
# Where an account does not need them, turn them off globally or in a
# Match block like the example at the end of this file.
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

#XAuthLocation /usr/pkg/bin/xauth

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# The following are HPN related configuration options.
# TCP receive buffer polling. Disable in non autotuning kernels.
#TcpRcvBufPoll yes

# Allow the use of the none cipher.
# NOTE(review): in the HPN patch the none cipher is understood to carry
# session data unencrypted once authentication has finished. Keep this
# at no unless that is acceptable for the data being transferred.
#NoneEnabled no

# Disable hpn performance boosts.
#HPNDisabled no

# Buffer size for hpn to non-hpn connections
#HPNBufferSize 2048


# Example of overriding settings on a per-user basis.
# A Match block applies to the keywords that follow it, up to the next
# Match line or the end of the file, so keep such blocks at the end.
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server