# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#
# Only three directives are active in this file as shipped:
# AuthorizedKeysFile, UsePrivilegeSeparation and Subsystem. Every other
# setting is a commented-out reminder of the built-in default.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
# Protocol 1 has known cryptographic weaknesses and is only offered for
# legacy devices; leave it disabled unless such a peer requires it.
#Protocol 2

# sshd refuses to use a host key file that is group- or world-accessible.
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
# LogLevel VERBOSE additionally records the fingerprint of the key used
# for each public-key login, which helps when auditing access.
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
# The default shown for PermitRootLogin allows root to log in directly,
# passwords included. The other accepted values are "without-password",
# "forced-commands-only" and "no".
#PermitRootLogin yes
# StrictModes makes sshd check the modes and ownership of the user's
# files and home directory before accepting a login.
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

# If AuthorizedKeysCommand is set, the program must be owned by root and
# not writable by group or others. It runs as AuthorizedKeysCommandUser,
# for which a dedicated account with no other role on the host is
# recommended.
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
# Password-style logins may also be offered through
# ChallengeResponseAuthentication below, depending on the authentication
# back end, so review both settings together.
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Disabling agent or TCP forwarding does not improve security unless
# users are also denied shell access, as they can install their own
# forwarders.
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
# With privilege separation, sshd handles incoming network traffic in an
# unprivileged child process. "sandbox" places additional restrictions
# on that pre-authentication process.
UsePrivilegeSeparation sandbox # Default for new installations.
# Enabling PermitUserEnvironment may let users bypass access restrictions
# in some configurations, using mechanisms such as LD_PRELOAD.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
# MaxStartups is start:rate:full. With 10:30:100, sshd refuses new
# connections with a probability of 30% once 10 unauthenticated
# connections are open, rising linearly to 100% at 100.
#MaxStartups 10:30:100
#PermitTunnel no
# If ChrootDirectory is set, all components of the pathname must be
# root-owned directories that are not writable by any other user or group.
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
# A Match block applies to every line after it until the next Match line
# or the end of the file, so keep such blocks after the global settings.
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server