1# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $ 2 3# This is the sshd server system-wide configuration file. See 4# sshd_config(5) for more information. 5 6# The strategy used for options in the default sshd_config shipped with 7# OpenSSH is to specify options with their default value where 8# possible, but leave them commented. Uncommented options change a 9# default value. 10 11#Port 22 12#AddressFamily any 13#ListenAddress 0.0.0.0 14#ListenAddress :: 15 16# The default requires explicit activation of protocol 1 17#Protocol 2 18 19# HostKey for protocol version 1 20#HostKey /etc/ssh/ssh_host_key 21# HostKeys for protocol version 2 22#HostKey /etc/ssh/ssh_host_rsa_key 23#HostKey /etc/ssh/ssh_host_dsa_key 24 25# Lifetime and size of ephemeral version 1 server key 26#KeyRegenerationInterval 1h 27#ServerKeyBits 1024 28 29# Logging 30# obsoletes QuietMode and FascistLogging 31#SyslogFacility AUTH 32#LogLevel INFO 33 34# Authentication: 35 36#LoginGraceTime 2m 37#PermitRootLogin yes 38#StrictModes yes 39#MaxAuthTries 6 40#MaxSessions 10 41 42#RSAAuthentication yes 43#PubkeyAuthentication yes 44#AuthorizedKeysFile .ssh/authorized_keys 45 46# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 47#RhostsRSAAuthentication no 48# similar for protocol version 2 49#HostbasedAuthentication no 50# Change to yes if you don't trust ~/.ssh/known_hosts for 51# RhostsRSAAuthentication and HostbasedAuthentication 52#IgnoreUserKnownHosts no 53# Don't read the user's ~/.rhosts and ~/.shosts files 54#IgnoreRhosts yes 55 56# To disable tunneled clear text passwords, change to no here! 57#PasswordAuthentication yes 58#PermitEmptyPasswords no 59 60# Change to no to disable s/key passwords 61#ChallengeResponseAuthentication yes 62 63# Kerberos options 64#KerberosAuthentication no 65#KerberosOrLocalPasswd yes 66#KerberosTicketCleanup yes 67#KerberosGetAFSToken no 68 69# GSSAPI options 70#GSSAPIAuthentication no 71#GSSAPICleanupCredentials yes 72 73#AllowAgentForwarding yes 74#AllowTcpForwarding yes 75#GatewayPorts no 76#X11Forwarding no 77#X11DisplayOffset 10 78#X11UseLocalhost yes 79#PrintMotd yes 80#PrintLastLog yes 81#TCPKeepAlive yes 82#UseLogin no 83#UsePrivilegeSeparation yes 84#PermitUserEnvironment no 85#Compression delayed 86#ClientAliveInterval 0 87#ClientAliveCountMax 3 88#UseDNS yes 89#PidFile /var/run/sshd.pid 90#MaxStartups 10 91#PermitTunnel no 92#ChrootDirectory none 93 94# no default banner path 95#Banner none 96 97# override default of no subsystems 98Subsystem sftp /usr/libexec/sftp-server 99 100# Example of overriding settings on a per-user basis 101#Match User anoncvs 102# X11Forwarding no 103# AllowTcpForwarding no 104# ForceCommand cvs server 105