1# $OpenBSD: sshd_config,v 1.86 2012/04/12 02:43:55 djm Exp $ 2 3# This is the sshd server system-wide configuration file. See 4# sshd_config(5) for more information. 5 6# The strategy used for options in the default sshd_config shipped with 7# OpenSSH is to specify options with their default value where 8# possible, but leave them commented. Uncommented options override the 9# default value. 10 11#Port 22 12#AddressFamily any 13#ListenAddress 0.0.0.0 14#ListenAddress :: 15 16# The default requires explicit activation of protocol 1 17#Protocol 2 18 19# HostKey for protocol version 1 20#HostKey /etc/ssh/ssh_host_key 21# HostKeys for protocol version 2 22#HostKey /etc/ssh/ssh_host_rsa_key 23#HostKey /etc/ssh/ssh_host_dsa_key 24#HostKey /etc/ssh/ssh_host_ecdsa_key 25 26# Lifetime and size of ephemeral version 1 server key 27#KeyRegenerationInterval 1h 28#ServerKeyBits 1024 29 30# Logging 31# obsoletes QuietMode and FascistLogging 32#SyslogFacility AUTH 33#LogLevel INFO 34 35# Authentication: 36 37#LoginGraceTime 2m 38#PermitRootLogin yes 39#StrictModes yes 40#MaxAuthTries 6 41#MaxSessions 10 42 43#RSAAuthentication yes 44#PubkeyAuthentication yes 45 46# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 47# but this is overridden so installations will only check .ssh/authorized_keys 48AuthorizedKeysFile .ssh/authorized_keys 49 50#AuthorizedPrincipalsFile none 51 52# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 53#RhostsRSAAuthentication no 54# similar for protocol version 2 55#HostbasedAuthentication no 56# Change to yes if you don't trust ~/.ssh/known_hosts for 57# RhostsRSAAuthentication and HostbasedAuthentication 58#IgnoreUserKnownHosts no 59# Don't read the user's ~/.rhosts and ~/.shosts files 60#IgnoreRhosts yes 61 62# To disable tunneled clear text passwords, change to no here! 63#PasswordAuthentication yes 64#PermitEmptyPasswords no 65 66# Change to no to disable s/key passwords 67#ChallengeResponseAuthentication yes 68 69# Kerberos options 70#KerberosAuthentication no 71#KerberosOrLocalPasswd yes 72#KerberosTicketCleanup yes 73#KerberosGetAFSToken no 74 75# GSSAPI options 76#GSSAPIAuthentication no 77#GSSAPICleanupCredentials yes 78 79#AllowAgentForwarding yes 80#AllowTcpForwarding yes 81#GatewayPorts no 82#X11Forwarding no 83#X11DisplayOffset 10 84#X11UseLocalhost yes 85#PrintMotd yes 86#PrintLastLog yes 87#TCPKeepAlive yes 88#UseLogin no 89#UsePrivilegeSeparation yes 90#PermitUserEnvironment no 91#Compression delayed 92#ClientAliveInterval 0 93#ClientAliveCountMax 3 94#UseDNS yes 95#PidFile /var/run/sshd.pid 96#MaxStartups 10 97#PermitTunnel no 98#ChrootDirectory none 99#VersionAddendum none 100 101# no default banner path 102#Banner none 103 104# override default of no subsystems 105Subsystem sftp /usr/libexec/sftp-server 106 107# Example of overriding settings on a per-user basis 108#Match User anoncvs 109# X11Forwarding no 110# AllowTcpForwarding no 111# ForceCommand cvs server 112