Home | History | Annotate | Line # | Download | only in dist
sshd_config revision 1.1.1.5 
      1  1.1.1.5  christos #	$OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $
      2      1.1  christos 
      3      1.1  christos # This is the sshd server system-wide configuration file.  See
      4      1.1  christos # sshd_config(5) for more information.
      5      1.1  christos 
      6      1.1  christos # The strategy used for options in the default sshd_config shipped with
      7      1.1  christos # OpenSSH is to specify options with their default value where
      8  1.1.1.4  christos # possible, but leave them commented.  Uncommented options override the
      9      1.1  christos # default value.
     10      1.1  christos 
     11      1.1  christos #Port 22
     12      1.1  christos #AddressFamily any
     13      1.1  christos #ListenAddress 0.0.0.0
     14      1.1  christos #ListenAddress ::
     15      1.1  christos 
     16  1.1.1.2      adam # The default requires explicit activation of protocol 1
     17  1.1.1.2      adam #Protocol 2
     18      1.1  christos 
     19      1.1  christos # HostKey for protocol version 1
     20      1.1  christos #HostKey /etc/ssh/ssh_host_key
     21      1.1  christos # HostKeys for protocol version 2
     22      1.1  christos #HostKey /etc/ssh/ssh_host_rsa_key
     23      1.1  christos #HostKey /etc/ssh/ssh_host_dsa_key
     24  1.1.1.3  christos #HostKey /etc/ssh/ssh_host_ecdsa_key
     25      1.1  christos 
     26      1.1  christos # Lifetime and size of ephemeral version 1 server key
     27      1.1  christos #KeyRegenerationInterval 1h
     28      1.1  christos #ServerKeyBits 1024
     29      1.1  christos 
     30      1.1  christos # Logging
     31      1.1  christos # obsoletes QuietMode and FascistLogging
     32      1.1  christos #SyslogFacility AUTH
     33      1.1  christos #LogLevel INFO
     34      1.1  christos 
     35      1.1  christos # Authentication:
     36      1.1  christos 
     37      1.1  christos #LoginGraceTime 2m
     38      1.1  christos #PermitRootLogin yes
     39      1.1  christos #StrictModes yes
     40      1.1  christos #MaxAuthTries 6
     41      1.1  christos #MaxSessions 10
     42      1.1  christos 
     43      1.1  christos #RSAAuthentication yes
     44      1.1  christos #PubkeyAuthentication yes
     45  1.1.1.4  christos 
     46  1.1.1.4  christos # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
     47  1.1.1.4  christos # but this is overridden so installations will only check .ssh/authorized_keys
     48  1.1.1.4  christos AuthorizedKeysFile	.ssh/authorized_keys
     49      1.1  christos 
     50  1.1.1.5  christos #AuthorizedPrincipalsFile none
     51  1.1.1.5  christos 
     52      1.1  christos # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
     53      1.1  christos #RhostsRSAAuthentication no
     54      1.1  christos # similar for protocol version 2
     55      1.1  christos #HostbasedAuthentication no
     56      1.1  christos # Change to yes if you don't trust ~/.ssh/known_hosts for
     57      1.1  christos # RhostsRSAAuthentication and HostbasedAuthentication
     58      1.1  christos #IgnoreUserKnownHosts no
     59      1.1  christos # Don't read the user's ~/.rhosts and ~/.shosts files
     60      1.1  christos #IgnoreRhosts yes
     61      1.1  christos 
     62      1.1  christos # To disable tunneled clear text passwords, change to no here!
     63      1.1  christos #PasswordAuthentication yes
     64      1.1  christos #PermitEmptyPasswords no
     65      1.1  christos 
     66      1.1  christos # Change to no to disable s/key passwords
     67      1.1  christos #ChallengeResponseAuthentication yes
     68      1.1  christos 
     69      1.1  christos # Kerberos options
     70      1.1  christos #KerberosAuthentication no
     71      1.1  christos #KerberosOrLocalPasswd yes
     72      1.1  christos #KerberosTicketCleanup yes
     73      1.1  christos #KerberosGetAFSToken no
     74      1.1  christos 
     75      1.1  christos # GSSAPI options
     76      1.1  christos #GSSAPIAuthentication no
     77      1.1  christos #GSSAPICleanupCredentials yes
     78      1.1  christos 
     79      1.1  christos #AllowAgentForwarding yes
     80      1.1  christos #AllowTcpForwarding yes
     81      1.1  christos #GatewayPorts no
     82      1.1  christos #X11Forwarding no
     83      1.1  christos #X11DisplayOffset 10
     84      1.1  christos #X11UseLocalhost yes
     85      1.1  christos #PrintMotd yes
     86      1.1  christos #PrintLastLog yes
     87      1.1  christos #TCPKeepAlive yes
     88      1.1  christos #UseLogin no
     89  1.1.1.5  christos UsePrivilegeSeparation sandbox		# Default for new installations.
     90      1.1  christos #PermitUserEnvironment no
     91      1.1  christos #Compression delayed
     92      1.1  christos #ClientAliveInterval 0
     93      1.1  christos #ClientAliveCountMax 3
     94      1.1  christos #UseDNS yes
     95      1.1  christos #PidFile /var/run/sshd.pid
     96      1.1  christos #MaxStartups 10
     97      1.1  christos #PermitTunnel no
     98      1.1  christos #ChrootDirectory none
     99  1.1.1.5  christos #VersionAddendum none
    100      1.1  christos 
    101      1.1  christos # no default banner path
    102      1.1  christos #Banner none
    103      1.1  christos 
    104      1.1  christos # override default of no subsystems
    105      1.1  christos Subsystem	sftp	/usr/libexec/sftp-server
    106      1.1  christos 
    107      1.1  christos # Example of overriding settings on a per-user basis
    108      1.1  christos #Match User anoncvs
    109      1.1  christos #	X11Forwarding no
    110      1.1  christos #	AllowTcpForwarding no
    111      1.1  christos #	ForceCommand cvs server
    112