xref: /openbsd/usr.bin/ssh/sshd_config (revision 610f49f8) 
1#	$OpenBSD: sshd_config,v 1.47 2002/02/09 17:37:34 deraadt Exp $
2
3# This is the sshd server system-wide configuration file.  See sshd(8)
4# for more information.
5
6# The stategy used for options in the default sshd_config shipped with
7# OpenSSH is to specify options with their default value where
8# possible, but leave them commented.  Uncommented options change a
9# default value.
10
11#Port 22
12#Protocol 2,1
13#ListenAddress 0.0.0.0
14#ListenAddress ::
15
16# HostKey for protocol version 1
17#HostKey /etc/ssh/ssh_host_key
18# HostKeys for protocol version 2
19#HostKey /etc/ssh/ssh_host_rsa_key
20#HostKey /etc/ssh/ssh_host_dsa_key
21
22# Lifetime and size of ephemeral version 1 server key
23#KeyRegenerationInterval 3600
24#ServerKeyBits 768
25
26# Logging
27#obsoletes QuietMode and FascistLogging
28#SyslogFacility AUTH
29#LogLevel INFO
30
31# Authentication:
32
33#LoginGraceTime 600
34#PermitRootLogin yes
35#StrictModes yes
36
37#RSAAuthentication yes
38#PubkeyAuthentication yes
39#AuthorizedKeysFile	.ssh/authorized_keys
40
41# rhosts authentication should not be used
42#RhostsAuthentication no
43# Don't read the user's ~/.rhosts and ~/.shosts files
44#IgnoreRhosts yes
45# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
46#RhostsRSAAuthentication no
47# similar for protocol version 2
48#HostbasedAuthentication no
49# Change to yes if you don't trust ~/.ssh/known_hosts for
50# RhostsRSAAuthentication and HostbasedAuthentication
51#IgnoreUserKnownHosts no
52
53# To disable tunneled clear text passwords, change to no here!
54#PasswordAuthentication yes
55#PermitEmptyPasswords no
56
57# Change to no to disable s/key passwords
58#ChallengeResponseAuthentication yes
59
60# Kerberos options
61# KerberosAuthentication automatically enabled if keyfile exists
62#KerberosAuthentication yes
63#KerberosOrLocalPasswd yes
64#KerberosTicketCleanup yes
65
66# AFSTokenPassing automatically enabled if k_hasafs() is true
67#AFSTokenPassing yes
68
69# Kerberos TGT Passing only works with the AFS kaserver
70#KerberosTgtPassing no
71
72#X11Forwarding no
73#X11DisplayOffset 10
74#X11UseLocalhost yes
75#PrintMotd yes
76#PrintLastLog yes
77#KeepAlive yes
78#UseLogin no
79
80#MaxStartups 10
81# no default banner path
82#Banner /some/path
83#VerifyReverseMapping no
84
85# override default of no subsystems
86Subsystem	sftp	/usr/libexec/sftp-server
87