xref: /openbsd/usr.bin/ssh/sshd_config (revision 8915e95c)
1#	$OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
2
3# This is the sshd server system-wide configuration file.  See
4# sshd_config(5) for more information.
5
6# The strategy used for options in the default sshd_config shipped with
7# OpenSSH is to specify options with their default value where
8# possible, but leave them commented.  Uncommented options override the
9# default value.
10
11#Port 22
12#AddressFamily any
13#ListenAddress 0.0.0.0
14#ListenAddress ::
15
16#HostKey /etc/ssh/ssh_host_rsa_key
17#HostKey /etc/ssh/ssh_host_dsa_key
18#HostKey /etc/ssh/ssh_host_ecdsa_key
19#HostKey /etc/ssh/ssh_host_ed25519_key
20
21# Ciphers and keying
22#RekeyLimit default none
23
24# Logging
25#SyslogFacility AUTH
26#LogLevel INFO
27
28# Authentication:
29
30#LoginGraceTime 2m
31#PermitRootLogin prohibit-password
32#StrictModes yes
33#MaxAuthTries 6
34#MaxSessions 10
35
36#PubkeyAuthentication yes
37
38# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 in each
39# user's home directory, but this is overridden so installations will only check .ssh/authorized_keys
40AuthorizedKeysFile	.ssh/authorized_keys
41
42#AuthorizedPrincipalsFile none
43
44#AuthorizedKeysCommand none
45#AuthorizedKeysCommandUser nobody
46
47# For HostbasedAuthentication to work you will also need the client hosts' public keys in /etc/ssh/ssh_known_hosts
48#HostbasedAuthentication no
49# Change to yes if you don't trust users' ~/.ssh/known_hosts files for
50# HostbasedAuthentication; only the system-wide known hosts file is then consulted
51#IgnoreUserKnownHosts no
52# Don't read the user's ~/.rhosts and ~/.shosts files
53#IgnoreRhosts yes
54
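55# To disable tunneled clear text passwords, change to no here!  Depending on the system's authentication setup, passwords may still be accepted through ChallengeResponseAuthentication unless that is also set to no.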
56#PasswordAuthentication yes
57#PermitEmptyPasswords no
58
59# Change to no to disable challenge-response authentication, such as s/key passwords
60#ChallengeResponseAuthentication yes
61
62#AllowAgentForwarding yes
63#AllowTcpForwarding yes
64#GatewayPorts no
65#X11Forwarding no
66#X11DisplayOffset 10
67#X11UseLocalhost yes
68#PermitTTY yes
69#PrintMotd yes
70#PrintLastLog yes
71#TCPKeepAlive yes
72#UseLogin no
73#UsePrivilegeSeparation sandbox
74#PermitUserEnvironment no
75#Compression delayed
76#ClientAliveInterval 0
77#ClientAliveCountMax 3
78#UseDNS no
79#PidFile /var/run/sshd.pid
80#MaxStartups 10:30:100
81#PermitTunnel no
82#ChrootDirectory none
83#VersionAddendum none
84
85# no default banner path
86#Banner none
87
88# override default of no subsystems
89Subsystem	sftp	/usr/libexec/sftp-server
90
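91# Example of overriding settings on a per-user basis.  A Match block extends to the next Match line or the end of the file, so keep global settings above it.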
92#Match User anoncvs
93#	X11Forwarding no
94#	AllowTcpForwarding no
95#	PermitTTY no
96#	ForceCommand cvs server
97