# $NetBSD: sshd_config,v 1.4 2010/11/21 18:29:49 adam Exp $
# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#
# Only three directives in this file are uncommented and therefore active:
# LoginGraceTime, UsePam and Subsystem. Every other directive is commented out.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
# Protocol 1 is obsolete; leave it disabled unless a legacy client that
# cannot speak protocol 2 has to be supported.
#Protocol 2

# Host private key files must not be group/world-accessible; sshd(8) refuses
# to use a host key file that is (see HostKey in sshd_config(5)).
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
# (these two options only matter when protocol 1 is enabled)
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
# sshd_config(5) advises against the DEBUG levels in normal operation
# because they violate the privacy of users.
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

# LoginGraceTime is uncommented, so it overrides the built-in default.
# A bare number is in seconds: a client gets 600 seconds to authenticate
# before the server disconnects it. Upstream sshd_config(5) documents a
# default of 120 seconds - confirm against the man page on this system.
# Connections that have not yet authenticated count against MaxStartups
# until they log in or this timer expires, so a longer grace time keeps
# those slots occupied longer.
LoginGraceTime 600
# NOTE(review): "no" is shown here as the commented default; upstream OpenSSH
# of this era defaulted to "yes". Confirm the effective value with sshd_config(5)
# on the target system rather than relying on this line.
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
# Because UsePam is enabled further down, setting PasswordAuthentication to no
# is not sufficient on its own: PAM can still prompt for a password through
# ChallengeResponseAuthentication. Set both to no for key-only logins.
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Forwarding options. sshd_config(5) notes that disabling TCP forwarding does
# not improve security unless users are also denied shell access, since they
# can always install their own forwarders.
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
# If you use xorg from pkgsrc then uncomment the following line.
#XAuthLocation /usr/pkg/bin/xauth
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
# UsePam is uncommented, so it overrides the built-in default: PAM
# authentication (via ChallengeResponseAuthentication and
# PasswordAuthentication) plus PAM account and session processing are enabled.
UsePam yes
# sshd_config(5) warns that enabling PermitUserEnvironment may let users
# bypass access restrictions in some configurations; keep it at no unless
# there is a specific need.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes

# allow the use of the none cipher
# With the none cipher the session data is sent without encryption, so keep
# this at no unless confidentiality of the transferred data is not required.
# NOTE(review): exact behaviour depends on the HPN patch revision - confirm.
#NoneEnabled no

# disable hpn performance boosts.
#HPNDisabled no

# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048


# Example of overriding settings on a per-user basis
# A Match block applies to every line after it, up to the next Match line or
# the end of the file, so keep such blocks at the bottom. ForceCommand makes
# the matched user run only the given command, ignoring any command the
# client supplies.
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server