sshd_config revision 1.23
1 # $NetBSD: sshd_config,v 1.23 2018/08/26 07:46:37 christos Exp $ 2 # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ 3 4 # This is the sshd server system-wide configuration file. See 5 # sshd_config(5) for more information. 6 7 # The strategy used for options in the default sshd_config shipped with 8 # OpenSSH is to specify options with their default value where 9 # possible, but leave them commented. Uncommented options override the 10 # default value. 11 12 #Port 22 13 #AddressFamily any 14 #ListenAddress 0.0.0.0 15 #ListenAddress :: 16 17 #HostKey /etc/ssh/ssh_host_rsa_key 18 #HostKey /etc/ssh/ssh_host_ecdsa_key 19 #HostKey /etc/ssh/ssh_host_ed25519_key 20 21 # Ciphers and keying 22 #RekeyLimit default none 23 24 # Logging 25 #SyslogFacility AUTH 26 #LogLevel INFO 27 28 # Authentication: 29 30 # For slow CPUs, bumped from 2 minutes to 10 31 LoginGraceTime 600 32 #PermitRootLogin prohibit-password 33 #StrictModes yes 34 #MaxAuthTries 6 35 #MaxSessions 10 36 37 #PubkeyAuthentication yes 38 39 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 40 # but this is overridden so installations will only check .ssh/authorized_keys 41 AuthorizedKeysFile .ssh/authorized_keys 42 43 #AuthorizedPrincipalsFile none 44 45 #AuthorizedKeysCommand none 46 #AuthorizedKeysCommandUser nobody 47 48 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 49 #HostbasedAuthentication no 50 # Change to yes if you don't trust ~/.ssh/known_hosts for 51 # HostbasedAuthentication 52 #IgnoreUserKnownHosts no 53 # Don't read the user's ~/.rhosts and ~/.shosts files 54 #IgnoreRhosts yes 55 56 # To disable password authentication, set this and UsePam to no 57 #PasswordAuthentication yes 58 #PermitEmptyPasswords no 59 60 # Change to no to disable s/key passwords 61 #ChallengeResponseAuthentication yes 62 63 #AllowAgentForwarding yes 64 #AllowTcpForwarding yes 65 #GatewayPorts no 66 #X11Forwarding no 67 # If you use xorg from pkgsrc then uncomment the following line. 68 #XAuthLocation /usr/pkg/bin/xauth 69 #X11DisplayOffset 10 70 #X11UseLocalhost yes 71 #PermitTTY yes 72 #PrintMotd yes 73 #PrintLastLog yes 74 #TCPKeepAlive yes 75 #UseLogin no 76 #UsePrivilegeSeparation sandbox 77 UsePam yes 78 #PermitUserEnvironment no 79 #Compression delayed 80 #ClientAliveInterval 0 81 #ClientAliveCountMax 3 82 #UseDNS no 83 #PidFile /var/run/sshd.pid 84 #MaxStartups 10:30:100 85 #PermitTunnel no 86 #ChrootDirectory none 87 #VersionAddendum none 88 89 # no default banner path 90 #Banner none 91 92 # here are the new patched ldap related tokens 93 # entries in your LDAP must have posixAccount & ldapPublicKey objectclass 94 #UseLPK yes 95 #LpkLdapConf /etc/ldap.conf 96 #LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ 97 #LpkUserDN ou=users,dc=phear,dc=org 98 #LpkGroupDN ou=groups,dc=phear,dc=org 99 #LpkBindDN cn=Manager,dc=phear,dc=org 100 #LpkBindPw secret 101 #LpkServerGroup mail 102 #LpkFilter (hostAccess=master.phear.org) 103 #LpkForceTLS no 104 #LpkSearchTimelimit 3 105 #LpkBindTimelimit 3 106 #LpkPubKeyAttr sshPublicKey 107 108 # override default of no subsystems 109 Subsystem sftp /usr/libexec/sftp-server 110 111 # the following are HPN related configuration options 112 # tcp receive buffer polling. disable in non autotuning kernels 113 #TcpRcvBufPoll yes 114 115 # allow the use of the none cipher 116 #NoneEnabled no 117 118 # disable hpn performance boosts. 119 #HPNDisabled no 120 121 # buffer size for hpn to non-hpn connections 122 #HPNBufferSize 2048 123 124 125 # Example of overriding settings on a per-user basis 126 #Match User anoncvs 127 # X11Forwarding no 128 # AllowTcpForwarding no 129 # PermitTTY no 130 # ForceCommand cvs server 131
Indexes created Sat Apr 25 00:22:52 UTC 2026