sshd_config revision 1.1.1.12
1 # $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ 2 3 # This is the sshd server system-wide configuration file. See 4 # sshd_config(5) for more information. 5 6 # The strategy used for options in the default sshd_config shipped with 7 # OpenSSH is to specify options with their default value where 8 # possible, but leave them commented. Uncommented options override the 9 # default value. 10 11 #Port 22 12 #AddressFamily any 13 #ListenAddress 0.0.0.0 14 #ListenAddress :: 15 16 # The default requires explicit activation of protocol 1 17 #Protocol 2 18 19 # HostKey for protocol version 1 20 #HostKey /etc/ssh/ssh_host_key 21 # HostKeys for protocol version 2 22 #HostKey /etc/ssh/ssh_host_rsa_key 23 #HostKey /etc/ssh/ssh_host_dsa_key 24 #HostKey /etc/ssh/ssh_host_ecdsa_key 25 #HostKey /etc/ssh/ssh_host_ed25519_key 26 27 # Lifetime and size of ephemeral version 1 server key 28 #KeyRegenerationInterval 1h 29 #ServerKeyBits 1024 30 31 # Ciphers and keying 32 #RekeyLimit default none 33 34 # Logging 35 # obsoletes QuietMode and FascistLogging 36 #SyslogFacility AUTH 37 #LogLevel INFO 38 39 # Authentication: 40 41 #LoginGraceTime 2m 42 #PermitRootLogin prohibit-password 43 #StrictModes yes 44 #MaxAuthTries 6 45 #MaxSessions 10 46 47 #RSAAuthentication yes 48 #PubkeyAuthentication yes 49 50 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 51 # but this is overridden so installations will only check .ssh/authorized_keys 52 AuthorizedKeysFile .ssh/authorized_keys 53 54 #AuthorizedPrincipalsFile none 55 56 #AuthorizedKeysCommand none 57 #AuthorizedKeysCommandUser nobody 58 59 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 60 #RhostsRSAAuthentication no 61 # similar for protocol version 2 62 #HostbasedAuthentication no 63 # Change to yes if you don't trust ~/.ssh/known_hosts for 64 # RhostsRSAAuthentication and HostbasedAuthentication 65 #IgnoreUserKnownHosts no 66 # Don't read the user's ~/.rhosts and ~/.shosts files 67 #IgnoreRhosts yes 68 69 # To disable tunneled clear text passwords, change to no here! 70 #PasswordAuthentication yes 71 #PermitEmptyPasswords no 72 73 # Change to no to disable s/key passwords 74 #ChallengeResponseAuthentication yes 75 76 #AllowAgentForwarding yes 77 #AllowTcpForwarding yes 78 #GatewayPorts no 79 #X11Forwarding no 80 #X11DisplayOffset 10 81 #X11UseLocalhost yes 82 #PermitTTY yes 83 #PrintMotd yes 84 #PrintLastLog yes 85 #TCPKeepAlive yes 86 #UseLogin no 87 #UsePrivilegeSeparation sandbox 88 #PermitUserEnvironment no 89 #Compression delayed 90 #ClientAliveInterval 0 91 #ClientAliveCountMax 3 92 #UseDNS no 93 #PidFile /var/run/sshd.pid 94 #MaxStartups 10:30:100 95 #PermitTunnel no 96 #ChrootDirectory none 97 #VersionAddendum none 98 99 # no default banner path 100 #Banner none 101 102 # override default of no subsystems 103 Subsystem sftp /usr/libexec/sftp-server 104 105 # Example of overriding settings on a per-user basis 106 #Match User anoncvs 107 # X11Forwarding no 108 # AllowTcpForwarding no 109 # PermitTTY no 110 # ForceCommand cvs server 111
Indexes created Sat Apr 25 00:22:52 UTC 2026