1# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ 2 3# This is the sshd server system-wide configuration file. See 4# sshd_config(5) for more information. 5 6# The strategy used for options in the default sshd_config shipped with 7# OpenSSH is to specify options with their default value where 8# possible, but leave them commented. Uncommented options change a 9# default value. 10 11#Port 22 12#AddressFamily any 13#ListenAddress 0.0.0.0 14#ListenAddress :: 15 16# Disable legacy (protocol version 1) support in the server for new 17# installations. In future the default will change to require explicit 18# activation of protocol 1 19Protocol 2 20 21# HostKey for protocol version 1 22#HostKey /etc/ssh/ssh_host_key 23# HostKeys for protocol version 2 24#HostKey /etc/ssh/ssh_host_rsa_key 25#HostKey /etc/ssh/ssh_host_dsa_key 26 27# Lifetime and size of ephemeral version 1 server key 28#KeyRegenerationInterval 1h 29#ServerKeyBits 1024 30 31# Logging 32# obsoletes QuietMode and FascistLogging 33#SyslogFacility AUTH 34#LogLevel INFO 35 36# Authentication: 37 38#LoginGraceTime 2m 39#PermitRootLogin yes 40#StrictModes yes 41#MaxAuthTries 6 42#MaxSessions 10 43 44#RSAAuthentication yes 45#PubkeyAuthentication yes 46#AuthorizedKeysFile .ssh/authorized_keys 47 48# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 49#RhostsRSAAuthentication no 50# similar for protocol version 2 51#HostbasedAuthentication no 52# Change to yes if you don't trust ~/.ssh/known_hosts for 53# RhostsRSAAuthentication and HostbasedAuthentication 54#IgnoreUserKnownHosts no 55# Don't read the user's ~/.rhosts and ~/.shosts files 56#IgnoreRhosts yes 57 58# To disable tunneled clear text passwords, change to no here! 59#PasswordAuthentication yes 60#PermitEmptyPasswords no 61 62# Change to no to disable s/key passwords 63#ChallengeResponseAuthentication yes 64 65# Kerberos options 66#KerberosAuthentication no 67#KerberosOrLocalPasswd yes 68#KerberosTicketCleanup yes 69#KerberosGetAFSToken no 70 71# GSSAPI options 72#GSSAPIAuthentication no 73#GSSAPICleanupCredentials yes 74 75#AllowAgentForwarding yes 76#AllowTcpForwarding yes 77#GatewayPorts no 78#X11Forwarding no 79#X11DisplayOffset 10 80#X11UseLocalhost yes 81#PrintMotd yes 82#PrintLastLog yes 83#TCPKeepAlive yes 84#UseLogin no 85#UsePrivilegeSeparation yes 86#PermitUserEnvironment no 87#Compression delayed 88#ClientAliveInterval 0 89#ClientAliveCountMax 3 90#UseDNS yes 91#PidFile /var/run/sshd.pid 92#MaxStartups 10 93#PermitTunnel no 94#ChrootDirectory none 95 96# no default banner path 97#Banner none 98 99# override default of no subsystems 100Subsystem sftp /usr/libexec/sftp-server 101 102# Example of overriding settings on a per-user basis 103#Match User anoncvs 104# X11Forwarding no 105# AllowTcpForwarding no 106# ForceCommand cvs server 107