1# $OpenBSD: sshd_config,v 1.85 2012/04/12 02:42:32 djm Exp $ 2 3# This is the sshd server system-wide configuration file. See 4# sshd_config(5) for more information. 5 6# The strategy used for options in the default sshd_config shipped with 7# OpenSSH is to specify options with their default value where 8# possible, but leave them commented. Uncommented options override the 9# default value. 10 11#Port 22 12#AddressFamily any 13#ListenAddress 0.0.0.0 14#ListenAddress :: 15 16# The default requires explicit activation of protocol 1 17#Protocol 2 18 19# HostKey for protocol version 1 20#HostKey /etc/ssh/ssh_host_key 21# HostKeys for protocol version 2 22#HostKey /etc/ssh/ssh_host_rsa_key 23#HostKey /etc/ssh/ssh_host_dsa_key 24#HostKey /etc/ssh/ssh_host_ecdsa_key 25 26# Lifetime and size of ephemeral version 1 server key 27#KeyRegenerationInterval 1h 28#ServerKeyBits 1024 29 30# Logging 31# obsoletes QuietMode and FascistLogging 32#SyslogFacility AUTH 33#LogLevel INFO 34 35# Authentication: 36 37#LoginGraceTime 2m 38#PermitRootLogin yes 39#StrictModes yes 40#MaxAuthTries 6 41#MaxSessions 10 42 43#RSAAuthentication yes 44#PubkeyAuthentication yes 45 46# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 47# but this is overridden so installations will only check .ssh/authorized_keys 48AuthorizedKeysFile .ssh/authorized_keys 49 50# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 51#RhostsRSAAuthentication no 52# similar for protocol version 2 53#HostbasedAuthentication no 54# Change to yes if you don't trust ~/.ssh/known_hosts for 55# RhostsRSAAuthentication and HostbasedAuthentication 56#IgnoreUserKnownHosts no 57# Don't read the user's ~/.rhosts and ~/.shosts files 58#IgnoreRhosts yes 59 60# To disable tunneled clear text passwords, change to no here! 61#PasswordAuthentication yes 62#PermitEmptyPasswords no 63 64# Change to no to disable s/key passwords 65#ChallengeResponseAuthentication yes 66 67# Kerberos options 68#KerberosAuthentication no 69#KerberosOrLocalPasswd yes 70#KerberosTicketCleanup yes 71#KerberosGetAFSToken no 72 73# GSSAPI options 74#GSSAPIAuthentication no 75#GSSAPICleanupCredentials yes 76 77#AllowAgentForwarding yes 78#AllowTcpForwarding yes 79#GatewayPorts no 80#X11Forwarding no 81#X11DisplayOffset 10 82#X11UseLocalhost yes 83#PrintMotd yes 84#PrintLastLog yes 85#TCPKeepAlive yes 86#UseLogin no 87#UsePrivilegeSeparation yes 88#PermitUserEnvironment no 89#Compression delayed 90#ClientAliveInterval 0 91#ClientAliveCountMax 3 92#UseDNS yes 93#PidFile /var/run/sshd.pid 94#MaxStartups 10 95#PermitTunnel no 96#ChrootDirectory none 97#VersionAddendum none 98 99# no default banner path 100#Banner none 101 102# override default of no subsystems 103Subsystem sftp /usr/libexec/sftp-server 104 105# Example of overriding settings on a per-user basis 106#Match User anoncvs 107# X11Forwarding no 108# AllowTcpForwarding no 109# ForceCommand cvs server 110