1# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $ 2 3# This is the sshd server system-wide configuration file. See 4# sshd_config(5) for more information. 5 6# The strategy used for options in the default sshd_config shipped with 7# OpenSSH is to specify options with their default value where 8# possible, but leave them commented. Uncommented options override the 9# default value. 10 11#Port 22 12#AddressFamily any 13#ListenAddress 0.0.0.0 14#ListenAddress :: 15 16# The default requires explicit activation of protocol 1 17#Protocol 2 18 19# HostKey for protocol version 1 20#HostKey /etc/ssh/ssh_host_key 21# HostKeys for protocol version 2 22#HostKey /etc/ssh/ssh_host_rsa_key 23#HostKey /etc/ssh/ssh_host_dsa_key 24#HostKey /etc/ssh/ssh_host_ecdsa_key 25#HostKey /etc/ssh/ssh_host_ed25519_key 26 27# Lifetime and size of ephemeral version 1 server key 28#KeyRegenerationInterval 1h 29#ServerKeyBits 1024 30 31# Ciphers and keying 32#RekeyLimit default none 33 34# Logging 35#SyslogFacility AUTH 36#LogLevel INFO 37 38# Authentication: 39 40#LoginGraceTime 2m 41#PermitRootLogin prohibit-password 42#StrictModes yes 43#MaxAuthTries 6 44#MaxSessions 10 45 46#RSAAuthentication yes 47#PubkeyAuthentication yes 48 49# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 50# but this is overridden so installations will only check .ssh/authorized_keys 51AuthorizedKeysFile .ssh/authorized_keys 52 53#AuthorizedPrincipalsFile none 54 55#AuthorizedKeysCommand none 56#AuthorizedKeysCommandUser nobody 57 58# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 59#RhostsRSAAuthentication no 60# similar for protocol version 2 61#HostbasedAuthentication no 62# Change to yes if you don't trust ~/.ssh/known_hosts for 63# RhostsRSAAuthentication and HostbasedAuthentication 64#IgnoreUserKnownHosts no 65# Don't read the user's ~/.rhosts and ~/.shosts files 66#IgnoreRhosts yes 67 68# To disable tunneled clear text passwords, change to no here! 69#PasswordAuthentication yes 70#PermitEmptyPasswords no 71 72# Change to no to disable s/key passwords 73#ChallengeResponseAuthentication yes 74 75#AllowAgentForwarding yes 76#AllowTcpForwarding yes 77#GatewayPorts no 78#X11Forwarding no 79#X11DisplayOffset 10 80#X11UseLocalhost yes 81#PermitTTY yes 82#PrintMotd yes 83#PrintLastLog yes 84#TCPKeepAlive yes 85#UseLogin no 86#UsePrivilegeSeparation sandbox 87#PermitUserEnvironment no 88#Compression delayed 89#ClientAliveInterval 0 90#ClientAliveCountMax 3 91#UseDNS no 92#PidFile /var/run/sshd.pid 93#MaxStartups 10:30:100 94#PermitTunnel no 95#ChrootDirectory none 96#VersionAddendum none 97 98# no default banner path 99#Banner none 100 101# override default of no subsystems 102Subsystem sftp /usr/libexec/sftp-server 103 104# Example of overriding settings on a per-user basis 105#Match User anoncvs 106# X11Forwarding no 107# AllowTcpForwarding no 108# PermitTTY no 109# ForceCommand cvs server 110