Home | History | Annotate | Line # | Download | only in dist
sshd_config revision 1.1.1.19 
      1 #	$OpenBSD: sshd_config,v 1.105 2024/12/03 14:12:47 dtucker Exp $
      2 
      3 # This is the sshd server system-wide configuration file.  See
      4 # sshd_config(5) for more information.
      5 
      6 # The strategy used for options in the default sshd_config shipped with
      7 # OpenSSH is to specify options with their default value where
      8 # possible, but leave them commented.  Uncommented options override the
      9 # default value.
     10 
     11 #Port 22
     12 #AddressFamily any
     13 #ListenAddress 0.0.0.0
     14 #ListenAddress ::
     15 
     16 #HostKey /etc/ssh/ssh_host_rsa_key
     17 #HostKey /etc/ssh/ssh_host_ecdsa_key
     18 #HostKey /etc/ssh/ssh_host_ed25519_key
     19 
     20 # Ciphers and keying
     21 #RekeyLimit default none
     22 
     23 # Logging
     24 #SyslogFacility AUTH
     25 #LogLevel INFO
     26 
     27 # Authentication:
     28 
     29 #LoginGraceTime 2m
     30 #PermitRootLogin prohibit-password
     31 #StrictModes yes
     32 #MaxAuthTries 6
     33 #MaxSessions 10
     34 
     35 #PubkeyAuthentication yes
     36 
     37 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
     38 # but this is overridden so installations will only check .ssh/authorized_keys
     39 AuthorizedKeysFile	.ssh/authorized_keys
     40 
     41 #AuthorizedPrincipalsFile none
     42 
     43 #AuthorizedKeysCommand none
     44 #AuthorizedKeysCommandUser nobody
     45 
     46 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
     47 #HostbasedAuthentication no
     48 # Change to yes if you don't trust ~/.ssh/known_hosts for
     49 # HostbasedAuthentication
     50 #IgnoreUserKnownHosts no
     51 # Don't read the user's ~/.rhosts and ~/.shosts files
     52 #IgnoreRhosts yes
     53 
     54 # To disable tunneled clear text passwords, change to "no" here!
     55 #PasswordAuthentication yes
     56 #PermitEmptyPasswords no
     57 
     58 # Change to "no" to disable keyboard-interactive authentication.  Depending on
     59 # the system's configuration, this may involve passwords, challenge-response,
     60 # one-time passwords or some combination of these and other methods.
     61 #KbdInteractiveAuthentication yes
     62 
     63 #AllowAgentForwarding yes
     64 #AllowTcpForwarding yes
     65 #GatewayPorts no
     66 #X11Forwarding no
     67 #X11DisplayOffset 10
     68 #X11UseLocalhost yes
     69 #PermitTTY yes
     70 #PrintMotd yes
     71 #PrintLastLog yes
     72 #TCPKeepAlive yes
     73 #PermitUserEnvironment no
     74 #Compression delayed
     75 #ClientAliveInterval 0
     76 #ClientAliveCountMax 3
     77 #UseDNS no
     78 #PidFile /var/run/sshd.pid
     79 #MaxStartups 10:30:100
     80 #PermitTunnel no
     81 #ChrootDirectory none
     82 #VersionAddendum none
     83 
     84 # no default banner path
     85 #Banner none
     86 
     87 # override default of no subsystems
     88 Subsystem	sftp	/usr/libexec/sftp-server
     89 
     90 # Example of overriding settings on a per-user basis
     91 #Match User anoncvs
     92 #	X11Forwarding no
     93 #	AllowTcpForwarding no
     94 #	PermitTTY no
     95 #	ForceCommand cvs server
     96