sshd_config revision 1.7
      1  1.7  christos #	$NetBSD: sshd_config,v 1.7 2011/07/25 03:03:11 christos Exp $
      2  1.7  christos #	$OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
      3  1.1  christos 
      4  1.1  christos # This is the sshd server system-wide configuration file.  See
      5  1.1  christos # sshd_config(5) for more information.
      6  1.1  christos 
      7  1.1  christos # The strategy used for options in the default sshd_config shipped with
      8  1.1  christos # OpenSSH is to specify options with their default value where
      9  1.1  christos # possible, but leave them commented.  Uncommented options change a
     10  1.1  christos # default value.
     11  1.1  christos 
     12  1.1  christos #Port 22
     13  1.1  christos #AddressFamily any
     14  1.1  christos #ListenAddress 0.0.0.0
     15  1.1  christos #ListenAddress ::
     16  1.1  christos 
     17  1.4      adam # The default requires explicit activation of protocol 1
     18  1.4      adam #Protocol 2
     19  1.1  christos 
     20  1.1  christos # HostKey for protocol version 1
     21  1.1  christos #HostKey /etc/ssh/ssh_host_key
     22  1.1  christos # HostKeys for protocol version 2
     23  1.1  christos #HostKey /etc/ssh/ssh_host_rsa_key
     24  1.1  christos #HostKey /etc/ssh/ssh_host_dsa_key
     25  1.7  christos #HostKey /etc/ssh/ssh_host_ecdsa_key
     26  1.1  christos 
     27  1.1  christos # Lifetime and size of ephemeral version 1 server key
     28  1.1  christos #KeyRegenerationInterval 1h
     29  1.1  christos #ServerKeyBits 1024
     30  1.1  christos 
     31  1.1  christos # Logging
     32  1.1  christos # obsoletes QuietMode and FascistLogging
     33  1.1  christos #SyslogFacility AUTH
     34  1.1  christos #LogLevel INFO
     35  1.1  christos 
     36  1.1  christos # Authentication:
     37  1.1  christos 
     38  1.2  christos LoginGraceTime 600
     39  1.3    dyoung #PermitRootLogin no
     40  1.1  christos #StrictModes yes
     41  1.1  christos #MaxAuthTries 6
     42  1.1  christos #MaxSessions 10
     43  1.1  christos 
     44  1.1  christos #RSAAuthentication yes
     45  1.1  christos #PubkeyAuthentication yes
     46  1.1  christos #AuthorizedKeysFile	.ssh/authorized_keys
     47  1.1  christos 
     48  1.1  christos # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
     49  1.1  christos #RhostsRSAAuthentication no
     50  1.1  christos # similar for protocol version 2
     51  1.1  christos #HostbasedAuthentication no
     52  1.1  christos # Change to yes if you don't trust ~/.ssh/known_hosts for
     53  1.1  christos # RhostsRSAAuthentication and HostbasedAuthentication
     54  1.1  christos #IgnoreUserKnownHosts no
     55  1.1  christos # Don't read the user's ~/.rhosts and ~/.shosts files
     56  1.1  christos #IgnoreRhosts yes
     57  1.1  christos 
     58  1.6    jruoho # To disable password authentication, set both PasswordAuthentication and UsePam to no
     59  1.1  christos #PasswordAuthentication yes
     60  1.1  christos #PermitEmptyPasswords no
     61  1.1  christos 
     62  1.1  christos # Change to no to disable s/key passwords
     63  1.1  christos #ChallengeResponseAuthentication yes
     64  1.1  christos 
     65  1.1  christos # Kerberos options
     66  1.1  christos #KerberosAuthentication no
     67  1.1  christos #KerberosOrLocalPasswd yes
     68  1.1  christos #KerberosTicketCleanup yes
     69  1.1  christos #KerberosGetAFSToken no
     70  1.1  christos 
     71  1.1  christos # GSSAPI options
     72  1.1  christos #GSSAPIAuthentication no
     73  1.1  christos #GSSAPICleanupCredentials yes
     74  1.1  christos 
     75  1.1  christos #AllowAgentForwarding yes
     76  1.1  christos #AllowTcpForwarding yes
     77  1.1  christos #GatewayPorts no
     78  1.1  christos #X11Forwarding no
     79  1.2  christos # If you use xorg from pkgsrc then uncomment the following line.
     80  1.2  christos #XAuthLocation /usr/pkg/bin/xauth
     81  1.1  christos #X11DisplayOffset 10
     82  1.1  christos #X11UseLocalhost yes
     83  1.1  christos #PrintMotd yes
     84  1.1  christos #PrintLastLog yes
     85  1.1  christos #TCPKeepAlive yes
     86  1.1  christos #UseLogin no
     87  1.1  christos #UsePrivilegeSeparation yes
     88  1.2  christos UsePam yes
     89  1.1  christos #PermitUserEnvironment no
     90  1.1  christos #Compression delayed
     91  1.1  christos #ClientAliveInterval 0
     92  1.1  christos #ClientAliveCountMax 3
     93  1.1  christos #UseDNS yes
     94  1.1  christos #PidFile /var/run/sshd.pid
     95  1.1  christos #MaxStartups 10
     96  1.1  christos #PermitTunnel no
     97  1.1  christos #ChrootDirectory none
     98  1.1  christos 
     99  1.1  christos # no default banner path
    100  1.1  christos #Banner none
    101  1.1  christos 
    102  1.5      adam # Options added by the LDAP public key (LPK) patch.  LpkBindPw is stored in clear text in this file.
    103  1.5      adam # Entries in your LDAP directory must have the posixAccount and ldapPublicKey objectclasses.
    104  1.5      adam #UseLPK yes
    105  1.5      adam #LpkLdapConf /etc/ldap.conf
    106  1.5      adam #LpkServers  ldap://10.1.7.1/ ldap://10.1.7.2/
    107  1.5      adam #LpkUserDN   ou=users,dc=phear,dc=org
    108  1.5      adam #LpkGroupDN  ou=groups,dc=phear,dc=org
    109  1.5      adam #LpkBindDN cn=Manager,dc=phear,dc=org
    110  1.5      adam #LpkBindPw secret
    111  1.5      adam #LpkServerGroup mail
    112  1.5      adam #LpkFilter (hostAccess=master.phear.org)
    113  1.5      adam #LpkForceTLS no
    114  1.5      adam #LpkSearchTimelimit 3
    115  1.5      adam #LpkBindTimelimit 3
    116  1.5      adam #LpkPubKeyAttr sshPublicKey
    117  1.5      adam 
    118  1.1  christos # override default of no subsystems
    119  1.1  christos Subsystem	sftp	/usr/libexec/sftp-server
    120  1.1  christos 
    121  1.2  christos # the following are HPN related configuration options
    122  1.2  christos # tcp receive buffer polling. disable in non autotuning kernels
    123  1.2  christos #TcpRcvBufPoll yes
    124  1.3    dyoung 
    125  1.2  christos # allow the use of the none cipher (bulk data is then sent unencrypted)
    126  1.2  christos #NoneEnabled no
    127  1.2  christos 
    128  1.3    dyoung # disable hpn performance boosts.
    129  1.2  christos #HPNDisabled no
    130  1.2  christos 
    131  1.2  christos # buffer size for hpn to non-hpn connections
    132  1.2  christos #HPNBufferSize 2048
    133  1.2  christos 
    134  1.2  christos 
    135  1.1  christos # Example of overriding settings on a per-user basis
    136  1.1  christos #Match User anoncvs
    137  1.1  christos #	X11Forwarding no
    138  1.1  christos #	AllowTcpForwarding no
    139  1.1  christos #	ForceCommand cvs server
    140