sshd_config revision 1.19
1 # $NetBSD: sshd_config,v 1.19 2017/02/01 14:27:37 christos Exp $ 2 # $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ 3 4 # This is the sshd server system-wide configuration file. See 5 # sshd_config(5) for more information. 6 7 # The strategy used for options in the default sshd_config shipped with 8 # OpenSSH is to specify options with their default value where 9 # possible, but leave them commented. Uncommented options override the 10 # default value. 11 12 #Port 22 13 #AddressFamily any 14 #ListenAddress 0.0.0.0 15 #ListenAddress :: 16 17 #HostKey /etc/ssh/ssh_host_rsa_key 18 #HostKey /etc/ssh/ssh_host_dsa_key 19 #HostKey /etc/ssh/ssh_host_ecdsa_key 20 #HostKey /etc/ssh/ssh_host_ed25519_key 21 22 # Ciphers and keying 23 #RekeyLimit default none 24 25 # Logging 26 #SyslogFacility AUTH 27 #LogLevel INFO 28 29 # Authentication: 30 31 # For slow CPUs, bumped from 2 minutes to 10 32 LoginGraceTime 600 33 #PermitRootLogin prohibit-password 34 #StrictModes yes 35 #MaxAuthTries 6 36 #MaxSessions 10 37 38 #PubkeyAuthentication yes 39 40 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 41 # but this is overridden so installations will only check .ssh/authorized_keys 42 AuthorizedKeysFile .ssh/authorized_keys 43 44 #AuthorizedPrincipalsFile none 45 46 #AuthorizedKeysCommand none 47 #AuthorizedKeysCommandUser nobody 48 49 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 50 #HostbasedAuthentication no 51 # Change to yes if you don't trust ~/.ssh/known_hosts for 52 # HostbasedAuthentication 53 #IgnoreUserKnownHosts no 54 # Don't read the user's ~/.rhosts and ~/.shosts files 55 #IgnoreRhosts yes 56 57 # To disable password authentication, set this and UsePam to no 58 #PasswordAuthentication yes 59 #PermitEmptyPasswords no 60 61 # Change to no to disable s/key passwords 62 #ChallengeResponseAuthentication yes 63 64 #AllowAgentForwarding yes 65 #AllowTcpForwarding yes 66 #GatewayPorts no 67 #X11Forwarding no 68 # If you use xorg from pkgsrc then uncomment the following line. 69 #XAuthLocation /usr/pkg/bin/xauth 70 #X11DisplayOffset 10 71 #X11UseLocalhost yes 72 #PermitTTY yes 73 #PrintMotd yes 74 #PrintLastLog yes 75 #TCPKeepAlive yes 76 #UseLogin no 77 #UsePrivilegeSeparation sandbox 78 UsePam yes 79 #PermitUserEnvironment no 80 #Compression delayed 81 #ClientAliveInterval 0 82 #ClientAliveCountMax 3 83 #UseDNS no 84 #PidFile /var/run/sshd.pid 85 #MaxStartups 10:30:100 86 #PermitTunnel no 87 #ChrootDirectory none 88 #VersionAddendum none 89 90 # no default banner path 91 #Banner none 92 93 # here are the new patched ldap related tokens 94 # entries in your LDAP must have posixAccount & ldapPublicKey objectclass 95 #UseLPK yes 96 #LpkLdapConf /etc/ldap.conf 97 #LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ 98 #LpkUserDN ou=users,dc=phear,dc=org 99 #LpkGroupDN ou=groups,dc=phear,dc=org 100 #LpkBindDN cn=Manager,dc=phear,dc=org 101 #LpkBindPw secret 102 #LpkServerGroup mail 103 #LpkFilter (hostAccess=master.phear.org) 104 #LpkForceTLS no 105 #LpkSearchTimelimit 3 106 #LpkBindTimelimit 3 107 #LpkPubKeyAttr sshPublicKey 108 109 # override default of no subsystems 110 Subsystem sftp /usr/libexec/sftp-server 111 112 # the following are HPN related configuration options 113 # tcp receive buffer polling. disable in non autotuning kernels 114 #TcpRcvBufPoll yes 115 116 # allow the use of the none cipher 117 #NoneEnabled no 118 119 # disable hpn performance boosts. 120 #HPNDisabled no 121 122 # buffer size for hpn to non-hpn connections 123 #HPNBufferSize 2048 124 125 126 # Example of overriding settings on a per-user basis 127 #Match User anoncvs 128 # X11Forwarding no 129 # AllowTcpForwarding no 130 # PermitTTY no 131 # ForceCommand cvs server 132
Indexes created Sat Apr 25 00:22:52 UTC 2026