sshd_config revision 1.1.1.13
      1  1.1.1.13  christos #	$OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $
      2       1.1  christos 
      3       1.1  christos # This is the sshd server system-wide configuration file.  See
      4       1.1  christos # sshd_config(5) for more information.
      5       1.1  christos 
      6       1.1  christos # The strategy used for options in the default sshd_config shipped with
      7       1.1  christos # OpenSSH is to specify options with their default value where
      8   1.1.1.4  christos # possible, but leave them commented.  Uncommented options override the
      9       1.1  christos # default value.
     10       1.1  christos 
     11       1.1  christos #Port 22
     12       1.1  christos #AddressFamily any
     13       1.1  christos #ListenAddress 0.0.0.0
     14       1.1  christos #ListenAddress ::
     15       1.1  christos 
     16   1.1.1.2      adam # The default requires explicit activation of protocol 1
     17   1.1.1.2      adam #Protocol 2
     18       1.1  christos 
     19       1.1  christos # HostKey for protocol version 1
     20       1.1  christos #HostKey /etc/ssh/ssh_host_key
     21       1.1  christos # HostKeys for protocol version 2
     22       1.1  christos #HostKey /etc/ssh/ssh_host_rsa_key
     23       1.1  christos #HostKey /etc/ssh/ssh_host_dsa_key
     24   1.1.1.3  christos #HostKey /etc/ssh/ssh_host_ecdsa_key
     25   1.1.1.8  christos #HostKey /etc/ssh/ssh_host_ed25519_key
     26       1.1  christos 
     27       1.1  christos # Lifetime and size of ephemeral version 1 server key
     28       1.1  christos #KeyRegenerationInterval 1h
     29       1.1  christos #ServerKeyBits 1024
     30       1.1  christos 
     31   1.1.1.7  christos # Ciphers and keying
     32   1.1.1.7  christos #RekeyLimit default none
     33   1.1.1.7  christos 
     34       1.1  christos # Logging
     35       1.1  christos #SyslogFacility AUTH
     36       1.1  christos #LogLevel INFO
     37       1.1  christos 
     38       1.1  christos # Authentication:
     39       1.1  christos 
     40       1.1  christos #LoginGraceTime 2m
     41  1.1.1.11  christos #PermitRootLogin prohibit-password
     42       1.1  christos #StrictModes yes
     43       1.1  christos #MaxAuthTries 6
     44       1.1  christos #MaxSessions 10
     45       1.1  christos 
     46       1.1  christos #RSAAuthentication yes
     47       1.1  christos #PubkeyAuthentication yes
     48   1.1.1.4  christos 
     49   1.1.1.4  christos # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
     50   1.1.1.4  christos # but this is overridden so installations will only check .ssh/authorized_keys
     51   1.1.1.4  christos AuthorizedKeysFile	.ssh/authorized_keys
     52       1.1  christos 
     53   1.1.1.5  christos #AuthorizedPrincipalsFile none
     54   1.1.1.5  christos 
     55   1.1.1.6  christos #AuthorizedKeysCommand none
     56   1.1.1.6  christos #AuthorizedKeysCommandUser nobody
     57   1.1.1.6  christos 
     58       1.1  christos # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
     59       1.1  christos #RhostsRSAAuthentication no
     60       1.1  christos # similar for protocol version 2
     61       1.1  christos #HostbasedAuthentication no
     62       1.1  christos # Change to yes if you don't trust ~/.ssh/known_hosts for
     63       1.1  christos # RhostsRSAAuthentication and HostbasedAuthentication
     64       1.1  christos #IgnoreUserKnownHosts no
     65       1.1  christos # Don't read the user's ~/.rhosts and ~/.shosts files
     66       1.1  christos #IgnoreRhosts yes
     67       1.1  christos 
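     68       1.1  christos # To disable tunneled clear text passwords, change to no here! Password prompts can still be offered through ChallengeResponseAuthentication (below) unless that is also set to no.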
     69       1.1  christos #PasswordAuthentication yes
     70       1.1  christos #PermitEmptyPasswords no
     71       1.1  christos 
     72       1.1  christos # Change to no to disable s/key passwords and other challenge-response (keyboard-interactive) authentication
     73       1.1  christos #ChallengeResponseAuthentication yes
     74       1.1  christos 
     75       1.1  christos #AllowAgentForwarding yes
     76       1.1  christos #AllowTcpForwarding yes
     77       1.1  christos #GatewayPorts no
     78       1.1  christos #X11Forwarding no
     79       1.1  christos #X11DisplayOffset 10
     80       1.1  christos #X11UseLocalhost yes
     81   1.1.1.8  christos #PermitTTY yes
     82       1.1  christos #PrintMotd yes
     83       1.1  christos #PrintLastLog yes
     84       1.1  christos #TCPKeepAlive yes
     85       1.1  christos #UseLogin no
     86  1.1.1.12  christos #UsePrivilegeSeparation sandbox
     87       1.1  christos #PermitUserEnvironment no
     88       1.1  christos #Compression delayed
     89       1.1  christos #ClientAliveInterval 0
     90       1.1  christos #ClientAliveCountMax 3
     91   1.1.1.9  christos #UseDNS no
     92       1.1  christos #PidFile /var/run/sshd.pid
     93   1.1.1.6  christos #MaxStartups 10:30:100
     94       1.1  christos #PermitTunnel no
     95       1.1  christos #ChrootDirectory none
     96   1.1.1.5  christos #VersionAddendum none
     97       1.1  christos 
     98       1.1  christos # no default banner path
     99       1.1  christos #Banner none
    100       1.1  christos 
    101       1.1  christos # override default of no subsystems
    102       1.1  christos Subsystem	sftp	/usr/libexec/sftp-server
    103       1.1  christos 
    104       1.1  christos # Example of overriding settings on a per-user basis
    105       1.1  christos #Match User anoncvs
    106       1.1  christos #	X11Forwarding no
    107       1.1  christos #	AllowTcpForwarding no
    108   1.1.1.8  christos #	PermitTTY no
    109       1.1  christos #	ForceCommand cvs server