sshd_config revision 1.1.1.13
1 # $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $ 2 3 # This is the sshd server system-wide configuration file. See 4 # sshd_config(5) for more information. 5 6 # The strategy used for options in the default sshd_config shipped with 7 # OpenSSH is to specify options with their default value where 8 # possible, but leave them commented. Uncommented options override the 9 # default value. 10 11 #Port 22 12 #AddressFamily any 13 #ListenAddress 0.0.0.0 14 #ListenAddress :: 15 16 # The default requires explicit activation of protocol 1 17 #Protocol 2 18 19 # HostKey for protocol version 1 20 #HostKey /etc/ssh/ssh_host_key 21 # HostKeys for protocol version 2 22 #HostKey /etc/ssh/ssh_host_rsa_key 23 #HostKey /etc/ssh/ssh_host_dsa_key 24 #HostKey /etc/ssh/ssh_host_ecdsa_key 25 #HostKey /etc/ssh/ssh_host_ed25519_key 26 27 # Lifetime and size of ephemeral version 1 server key 28 #KeyRegenerationInterval 1h 29 #ServerKeyBits 1024 30 31 # Ciphers and keying 32 #RekeyLimit default none 33 34 # Logging 35 #SyslogFacility AUTH 36 #LogLevel INFO 37 38 # Authentication: 39 40 #LoginGraceTime 2m 41 #PermitRootLogin prohibit-password 42 #StrictModes yes 43 #MaxAuthTries 6 44 #MaxSessions 10 45 46 #RSAAuthentication yes 47 #PubkeyAuthentication yes 48 49 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 50 # but this is overridden so installations will only check .ssh/authorized_keys 51 AuthorizedKeysFile .ssh/authorized_keys 52 53 #AuthorizedPrincipalsFile none 54 55 #AuthorizedKeysCommand none 56 #AuthorizedKeysCommandUser nobody 57 58 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 59 #RhostsRSAAuthentication no 60 # similar for protocol version 2 61 #HostbasedAuthentication no 62 # Change to yes if you don't trust ~/.ssh/known_hosts for 63 # RhostsRSAAuthentication and HostbasedAuthentication 64 #IgnoreUserKnownHosts no 65 # Don't read the user's ~/.rhosts and ~/.shosts files 66 #IgnoreRhosts yes 67 68 # To disable tunneled clear text passwords, change to no here! 69 #PasswordAuthentication yes 70 #PermitEmptyPasswords no 71 72 # Change to no to disable s/key passwords 73 #ChallengeResponseAuthentication yes 74 75 #AllowAgentForwarding yes 76 #AllowTcpForwarding yes 77 #GatewayPorts no 78 #X11Forwarding no 79 #X11DisplayOffset 10 80 #X11UseLocalhost yes 81 #PermitTTY yes 82 #PrintMotd yes 83 #PrintLastLog yes 84 #TCPKeepAlive yes 85 #UseLogin no 86 #UsePrivilegeSeparation sandbox 87 #PermitUserEnvironment no 88 #Compression delayed 89 #ClientAliveInterval 0 90 #ClientAliveCountMax 3 91 #UseDNS no 92 #PidFile /var/run/sshd.pid 93 #MaxStartups 10:30:100 94 #PermitTunnel no 95 #ChrootDirectory none 96 #VersionAddendum none 97 98 # no default banner path 99 #Banner none 100 101 # override default of no subsystems 102 Subsystem sftp /usr/libexec/sftp-server 103 104 # Example of overriding settings on a per-user basis 105 #Match User anoncvs 106 # X11Forwarding no 107 # AllowTcpForwarding no 108 # PermitTTY no 109 # ForceCommand cvs server 110
Indexes created Sat Apr 25 00:22:52 UTC 2026