1# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ 2 3# This is the sshd server system-wide configuration file. See 4# sshd_config(5) for more information. 5 6# The strategy used for options in the default sshd_config shipped with 7# OpenSSH is to specify options with their default value where 8# possible, but leave them commented. Uncommented options override the 9# default value. 10 11#Port 22 12#AddressFamily any 13#ListenAddress 0.0.0.0 14#ListenAddress :: 15 16#HostKey /etc/ssh/ssh_host_rsa_key 17#HostKey /etc/ssh/ssh_host_dsa_key 18#HostKey /etc/ssh/ssh_host_ecdsa_key 19#HostKey /etc/ssh/ssh_host_ed25519_key 20 21# Ciphers and keying 22#RekeyLimit default none 23 24# Logging 25#SyslogFacility AUTH 26#LogLevel INFO 27 28# Authentication: 29 30#LoginGraceTime 2m 31#PermitRootLogin prohibit-password 32#StrictModes yes 33#MaxAuthTries 6 34#MaxSessions 10 35 36#PubkeyAuthentication yes 37 38# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 39# but this is overridden so installations will only check .ssh/authorized_keys 40AuthorizedKeysFile .ssh/authorized_keys 41 42#AuthorizedPrincipalsFile none 43 44#AuthorizedKeysCommand none 45#AuthorizedKeysCommandUser nobody 46 47# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 48#HostbasedAuthentication no 49# Change to yes if you don't trust ~/.ssh/known_hosts for 50# HostbasedAuthentication 51#IgnoreUserKnownHosts no 52# Don't read the user's ~/.rhosts and ~/.shosts files 53#IgnoreRhosts yes 54 55# To disable tunneled clear text passwords, change to no here! 56#PasswordAuthentication yes 57#PermitEmptyPasswords no 58 59# Change to no to disable s/key passwords 60#ChallengeResponseAuthentication yes 61 62#AllowAgentForwarding yes 63#AllowTcpForwarding yes 64#GatewayPorts no 65#X11Forwarding no 66#X11DisplayOffset 10 67#X11UseLocalhost yes 68#PermitTTY yes 69#PrintMotd yes 70#PrintLastLog yes 71#TCPKeepAlive yes 72#UseLogin no 73#UsePrivilegeSeparation sandbox 74#PermitUserEnvironment no 75#Compression delayed 76#ClientAliveInterval 0 77#ClientAliveCountMax 3 78#UseDNS no 79#PidFile /var/run/sshd.pid 80#MaxStartups 10:30:100 81#PermitTunnel no 82#ChrootDirectory none 83#VersionAddendum none 84 85# no default banner path 86#Banner none 87 88# override default of no subsystems 89Subsystem sftp /usr/libexec/sftp-server 90 91# Example of overriding settings on a per-user basis 92#Match User anoncvs 93# X11Forwarding no 94# AllowTcpForwarding no 95# PermitTTY no 96# ForceCommand cvs server 97