1# $OpenBSD: sshd_config,v 1.83 2011/05/06 01:03:35 dtucker Exp $ 2 3# This is the sshd server system-wide configuration file. See 4# sshd_config(5) for more information. 5 6# The strategy used for options in the default sshd_config shipped with 7# OpenSSH is to specify options with their default value where 8# possible, but leave them commented. Uncommented options override the 9# default value. 10 11#Port 22 12#AddressFamily any 13#ListenAddress 0.0.0.0 14#ListenAddress :: 15 16# The default requires explicit activation of protocol 1 17#Protocol 2 18 19# HostKey for protocol version 1 20#HostKey /etc/ssh/ssh_host_key 21# HostKeys for protocol version 2 22#HostKey /etc/ssh/ssh_host_rsa_key 23#HostKey /etc/ssh/ssh_host_dsa_key 24#HostKey /etc/ssh/ssh_host_ecdsa_key 25 26# Lifetime and size of ephemeral version 1 server key 27#KeyRegenerationInterval 1h 28#ServerKeyBits 1024 29 30# Logging 31# obsoletes QuietMode and FascistLogging 32#SyslogFacility AUTH 33#LogLevel INFO 34 35# Authentication: 36 37#LoginGraceTime 2m 38#PermitRootLogin yes 39#StrictModes yes 40#MaxAuthTries 6 41#MaxSessions 10 42 43#RSAAuthentication yes 44#PubkeyAuthentication yes 45#AuthorizedKeysFile .ssh/authorized_keys 46 47# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 48#RhostsRSAAuthentication no 49# similar for protocol version 2 50#HostbasedAuthentication no 51# Change to yes if you don't trust ~/.ssh/known_hosts for 52# RhostsRSAAuthentication and HostbasedAuthentication 53#IgnoreUserKnownHosts no 54# Don't read the user's ~/.rhosts and ~/.shosts files 55#IgnoreRhosts yes 56 57# To disable tunneled clear text passwords, change to no here! 58#PasswordAuthentication yes 59#PermitEmptyPasswords no 60 61# Change to no to disable s/key passwords 62#ChallengeResponseAuthentication yes 63 64# Kerberos options 65#KerberosAuthentication no 66#KerberosOrLocalPasswd yes 67#KerberosTicketCleanup yes 68#KerberosGetAFSToken no 69 70# GSSAPI options 71#GSSAPIAuthentication no 72#GSSAPICleanupCredentials yes 73 74#AllowAgentForwarding yes 75#AllowTcpForwarding yes 76#GatewayPorts no 77#X11Forwarding no 78#X11DisplayOffset 10 79#X11UseLocalhost yes 80#PrintMotd yes 81#PrintLastLog yes 82#TCPKeepAlive yes 83#UseLogin no 84#UsePrivilegeSeparation yes 85#PermitUserEnvironment no 86#Compression delayed 87#ClientAliveInterval 0 88#ClientAliveCountMax 3 89#UseDNS yes 90#PidFile /var/run/sshd.pid 91#MaxStartups 10 92#PermitTunnel no 93#ChrootDirectory none 94 95# no default banner path 96#Banner none 97 98# override default of no subsystems 99Subsystem sftp /usr/libexec/sftp-server 100 101# Example of overriding settings on a per-user basis 102#Match User anoncvs 103# X11Forwarding no 104# AllowTcpForwarding no 105# ForceCommand cvs server 106