Home | History | Annotate | Line # | Download | only in dist
sshd_config revision 1.1.1.15 
      1 #	$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
      2 
      3 # This is the sshd server system-wide configuration file.  See
      4 # sshd_config(5) for more information.
      5 
      6 # The strategy used for options in the default sshd_config shipped with
      7 # OpenSSH is to specify options with their default value where
      8 # possible, but leave them commented.  Uncommented options override the
      9 # default value.
     10 
     11 #Port 22
     12 #AddressFamily any
     13 #ListenAddress 0.0.0.0
     14 #ListenAddress ::
     15 
     16 #HostKey /etc/ssh/ssh_host_rsa_key
     17 #HostKey /etc/ssh/ssh_host_dsa_key
     18 #HostKey /etc/ssh/ssh_host_ecdsa_key
     19 #HostKey /etc/ssh/ssh_host_ed25519_key
     20 
     21 # Ciphers and keying
     22 #RekeyLimit default none
     23 
     24 # Logging
     25 #SyslogFacility AUTH
     26 #LogLevel INFO
     27 
     28 # Authentication:
     29 
     30 #LoginGraceTime 2m
     31 #PermitRootLogin prohibit-password
     32 #StrictModes yes
     33 #MaxAuthTries 6
     34 #MaxSessions 10
     35 
     36 #PubkeyAuthentication yes
     37 
     38 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
     39 # but this is overridden so installations will only check .ssh/authorized_keys
     40 AuthorizedKeysFile	.ssh/authorized_keys
     41 
     42 #AuthorizedPrincipalsFile none
     43 
     44 #AuthorizedKeysCommand none
     45 #AuthorizedKeysCommandUser nobody
     46 
     47 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
     48 #HostbasedAuthentication no
     49 # Change to yes if you don't trust ~/.ssh/known_hosts for
     50 # HostbasedAuthentication
     51 #IgnoreUserKnownHosts no
     52 # Don't read the user's ~/.rhosts and ~/.shosts files
     53 #IgnoreRhosts yes
     54 
     55 # To disable tunneled clear text passwords, change to no here!
     56 #PasswordAuthentication yes
     57 #PermitEmptyPasswords no
     58 
     59 # Change to no to disable s/key passwords
     60 #ChallengeResponseAuthentication yes
     61 
     62 #AllowAgentForwarding yes
     63 #AllowTcpForwarding yes
     64 #GatewayPorts no
     65 #X11Forwarding no
     66 #X11DisplayOffset 10
     67 #X11UseLocalhost yes
     68 #PermitTTY yes
     69 #PrintMotd yes
     70 #PrintLastLog yes
     71 #TCPKeepAlive yes
     72 #UseLogin no
     73 #PermitUserEnvironment no
     74 #Compression delayed
     75 #ClientAliveInterval 0
     76 #ClientAliveCountMax 3
     77 #UseDNS no
     78 #PidFile /var/run/sshd.pid
     79 #MaxStartups 10:30:100
     80 #PermitTunnel no
     81 #ChrootDirectory none
     82 #VersionAddendum none
     83 
     84 # no default banner path
     85 #Banner none
     86 
     87 # override default of no subsystems
     88 Subsystem	sftp	/usr/libexec/sftp-server
     89 
     90 # Example of overriding settings on a per-user basis
     91 #Match User anoncvs
     92 #	X11Forwarding no
     93 #	AllowTcpForwarding no
     94 #	PermitTTY no
     95 #	ForceCommand cvs server
     96