Home | History | Annotate | Line # | Download | only in dist
sshd_config revision 1.1.1.19 
      1  1.1.1.19  christos #	$OpenBSD: sshd_config,v 1.105 2024/12/03 14:12:47 dtucker Exp $
      2       1.1  christos 
      3       1.1  christos # This is the sshd server system-wide configuration file.  See
      4       1.1  christos # sshd_config(5) for more information.
      5       1.1  christos 
      6       1.1  christos # The strategy used for options in the default sshd_config shipped with
      7       1.1  christos # OpenSSH is to specify options with their default value where
      8   1.1.1.4  christos # possible, but leave them commented.  Uncommented options override the
      9       1.1  christos # default value.
     10       1.1  christos 
     11       1.1  christos #Port 22
     12       1.1  christos #AddressFamily any
     13       1.1  christos #ListenAddress 0.0.0.0
     14       1.1  christos #ListenAddress ::
     15       1.1  christos 
     16       1.1  christos #HostKey /etc/ssh/ssh_host_rsa_key
     17   1.1.1.3  christos #HostKey /etc/ssh/ssh_host_ecdsa_key
     18   1.1.1.8  christos #HostKey /etc/ssh/ssh_host_ed25519_key
     19       1.1  christos 
     20   1.1.1.7  christos # Ciphers and keying
     21   1.1.1.7  christos #RekeyLimit default none
     22   1.1.1.7  christos 
     23       1.1  christos # Logging
     24       1.1  christos #SyslogFacility AUTH
     25       1.1  christos #LogLevel INFO
     26       1.1  christos 
     27       1.1  christos # Authentication:
     28       1.1  christos 
     29       1.1  christos #LoginGraceTime 2m
     30  1.1.1.11  christos #PermitRootLogin prohibit-password
     31       1.1  christos #StrictModes yes
     32       1.1  christos #MaxAuthTries 6
     33       1.1  christos #MaxSessions 10
     34       1.1  christos 
     35       1.1  christos #PubkeyAuthentication yes
     36   1.1.1.4  christos 
     37   1.1.1.4  christos # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
     38   1.1.1.4  christos # but this is overridden so installations will only check .ssh/authorized_keys
     39   1.1.1.4  christos AuthorizedKeysFile	.ssh/authorized_keys
     40       1.1  christos 
     41   1.1.1.5  christos #AuthorizedPrincipalsFile none
     42   1.1.1.5  christos 
     43   1.1.1.6  christos #AuthorizedKeysCommand none
     44   1.1.1.6  christos #AuthorizedKeysCommandUser nobody
     45   1.1.1.6  christos 
     46       1.1  christos # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
     47       1.1  christos #HostbasedAuthentication no
     48       1.1  christos # Change to yes if you don't trust ~/.ssh/known_hosts for
     49  1.1.1.14  christos # HostbasedAuthentication
     50       1.1  christos #IgnoreUserKnownHosts no
     51       1.1  christos # Don't read the user's ~/.rhosts and ~/.shosts files
     52       1.1  christos #IgnoreRhosts yes
     53       1.1  christos 
     54  1.1.1.19  christos # To disable tunneled clear text passwords, change to "no" here!
     55       1.1  christos #PasswordAuthentication yes
     56       1.1  christos #PermitEmptyPasswords no
     57       1.1  christos 
     58  1.1.1.19  christos # Change to "no" to disable keyboard-interactive authentication.  Depending on
     59  1.1.1.19  christos # the system's configuration, this may involve passwords, challenge-response,
     60  1.1.1.19  christos # one-time passwords or some combination of these and other methods.
     61  1.1.1.18  christos #KbdInteractiveAuthentication yes
     62       1.1  christos 
     63       1.1  christos #AllowAgentForwarding yes
     64       1.1  christos #AllowTcpForwarding yes
     65       1.1  christos #GatewayPorts no
     66       1.1  christos #X11Forwarding no
     67       1.1  christos #X11DisplayOffset 10
     68       1.1  christos #X11UseLocalhost yes
     69   1.1.1.8  christos #PermitTTY yes
     70       1.1  christos #PrintMotd yes
     71       1.1  christos #PrintLastLog yes
     72       1.1  christos #TCPKeepAlive yes
     73       1.1  christos #PermitUserEnvironment no
     74       1.1  christos #Compression delayed
     75       1.1  christos #ClientAliveInterval 0
     76       1.1  christos #ClientAliveCountMax 3
     77   1.1.1.9  christos #UseDNS no
     78       1.1  christos #PidFile /var/run/sshd.pid
     79   1.1.1.6  christos #MaxStartups 10:30:100
     80       1.1  christos #PermitTunnel no
     81       1.1  christos #ChrootDirectory none
     82   1.1.1.5  christos #VersionAddendum none
     83       1.1  christos 
     84       1.1  christos # no default banner path
     85       1.1  christos #Banner none
     86       1.1  christos 
     87       1.1  christos # override default of no subsystems
     88       1.1  christos Subsystem	sftp	/usr/libexec/sftp-server
     89       1.1  christos 
     90       1.1  christos # Example of overriding settings on a per-user basis
     91       1.1  christos #Match User anoncvs
     92       1.1  christos #	X11Forwarding no
     93       1.1  christos #	AllowTcpForwarding no
     94   1.1.1.8  christos #	PermitTTY no
     95       1.1  christos #	ForceCommand cvs server
     96