xref: /openbsd/usr.bin/ssh/sshd_config (revision 5bf2634b) 
1#	$OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
2
3# This is the sshd server system-wide configuration file.  See
4# sshd_config(5) for more information.
5
6# The strategy used for options in the default sshd_config shipped with
7# OpenSSH is to specify options with their default value where
8# possible, but leave them commented.  Uncommented options override the
9# default value.
10
11#Port 22
12#AddressFamily any
13#ListenAddress 0.0.0.0
14#ListenAddress ::
15
16# The default requires explicit activation of protocol 1
17#Protocol 2
18
19# HostKey for protocol version 1
20#HostKey /etc/ssh/ssh_host_key
21# HostKeys for protocol version 2
22#HostKey /etc/ssh/ssh_host_rsa_key
23#HostKey /etc/ssh/ssh_host_dsa_key
24#HostKey /etc/ssh/ssh_host_ecdsa_key
25#HostKey /etc/ssh/ssh_host_ed25519_key
26
27# Lifetime and size of ephemeral version 1 server key
28#KeyRegenerationInterval 1h
29#ServerKeyBits 1024
30
31# Ciphers and keying
32#RekeyLimit default none
33
34# Logging
35# obsoletes QuietMode and FascistLogging
36#SyslogFacility AUTH
37#LogLevel INFO
38
39# Authentication:
40
41#LoginGraceTime 2m
42#PermitRootLogin yes
43#StrictModes yes
44#MaxAuthTries 6
45#MaxSessions 10
46
47#RSAAuthentication yes
48#PubkeyAuthentication yes
49
50# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
51# but this is overridden so installations will only check .ssh/authorized_keys
52AuthorizedKeysFile	.ssh/authorized_keys
53
54#AuthorizedPrincipalsFile none
55
56#AuthorizedKeysCommand none
57#AuthorizedKeysCommandUser nobody
58
59# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
60#RhostsRSAAuthentication no
61# similar for protocol version 2
62#HostbasedAuthentication no
63# Change to yes if you don't trust ~/.ssh/known_hosts for
64# RhostsRSAAuthentication and HostbasedAuthentication
65#IgnoreUserKnownHosts no
66# Don't read the user's ~/.rhosts and ~/.shosts files
67#IgnoreRhosts yes
68
69# To disable tunneled clear text passwords, change to no here!
70#PasswordAuthentication yes
71#PermitEmptyPasswords no
72
73# Change to no to disable s/key passwords
74#ChallengeResponseAuthentication yes
75
76#AllowAgentForwarding yes
77#AllowTcpForwarding yes
78#GatewayPorts no
79#X11Forwarding no
80#X11DisplayOffset 10
81#X11UseLocalhost yes
82#PermitTTY yes
83#PrintMotd yes
84#PrintLastLog yes
85#TCPKeepAlive yes
86#UseLogin no
87UsePrivilegeSeparation sandbox		# Default for new installations.
88#PermitUserEnvironment no
89#Compression delayed
90#ClientAliveInterval 0
91#ClientAliveCountMax 3
92#UseDNS yes
93#PidFile /var/run/sshd.pid
94#MaxStartups 10:30:100
95#PermitTunnel no
96#ChrootDirectory none
97#VersionAddendum none
98
99# no default banner path
100#Banner none
101
102# override default of no subsystems
103Subsystem	sftp	/usr/libexec/sftp-server
104
105# Example of overriding settings on a per-user basis
106#Match User anoncvs
107#	X11Forwarding no
108#	AllowTcpForwarding no
109#	PermitTTY no
110#	ForceCommand cvs server
111