1# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ 2 3# This is the sshd server system-wide configuration file. See 4# sshd_config(5) for more information. 5 6# The strategy used for options in the default sshd_config shipped with 7# OpenSSH is to specify options with their default value where 8# possible, but leave them commented. Uncommented options override the 9# default value. 10 11#Port 22 12#AddressFamily any 13#ListenAddress 0.0.0.0 14#ListenAddress :: 15 16#HostKey /etc/ssh/ssh_host_rsa_key 17#HostKey /etc/ssh/ssh_host_ecdsa_key 18#HostKey /etc/ssh/ssh_host_ed25519_key 19 20# Ciphers and keying 21#RekeyLimit default none 22 23# Logging 24#SyslogFacility AUTH 25#LogLevel INFO 26 27# Authentication: 28 29#LoginGraceTime 2m 30#PermitRootLogin prohibit-password 31#StrictModes yes 32#MaxAuthTries 6 33#MaxSessions 10 34 35#PubkeyAuthentication yes 36 37# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 38# but this is overridden so installations will only check .ssh/authorized_keys 39AuthorizedKeysFile .ssh/authorized_keys 40 41#AuthorizedPrincipalsFile none 42 43#AuthorizedKeysCommand none 44#AuthorizedKeysCommandUser nobody 45 46# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 47#HostbasedAuthentication no 48# Change to yes if you don't trust ~/.ssh/known_hosts for 49# HostbasedAuthentication 50#IgnoreUserKnownHosts no 51# Don't read the user's ~/.rhosts and ~/.shosts files 52#IgnoreRhosts yes 53 54# To disable tunneled clear text passwords, change to no here! 55#PasswordAuthentication yes 56#PermitEmptyPasswords no 57 58# Change to no to disable s/key passwords 59#KbdInteractiveAuthentication yes 60 61#AllowAgentForwarding yes 62#AllowTcpForwarding yes 63#GatewayPorts no 64#X11Forwarding no 65#X11DisplayOffset 10 66#X11UseLocalhost yes 67#PermitTTY yes 68#PrintMotd yes 69#PrintLastLog yes 70#TCPKeepAlive yes 71#PermitUserEnvironment no 72#Compression delayed 73#ClientAliveInterval 0 74#ClientAliveCountMax 3 75#UseDNS no 76#PidFile /var/run/sshd.pid 77#MaxStartups 10:30:100 78#PermitTunnel no 79#ChrootDirectory none 80#VersionAddendum none 81 82# no default banner path 83#Banner none 84 85# override default of no subsystems 86Subsystem sftp /usr/libexec/sftp-server 87 88# Example of overriding settings on a per-user basis 89#Match User anoncvs 90# X11Forwarding no 91# AllowTcpForwarding no 92# PermitTTY no 93# ForceCommand cvs server 94