sshd_config revision 1.24
1 # $NetBSD: sshd_config,v 1.24 2020/02/28 10:59:58 kim Exp $ 2 # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ 3 4 # This is the sshd server system-wide configuration file. See 5 # sshd_config(5) for more information. 6 7 # The strategy used for options in the default sshd_config shipped with 8 # OpenSSH is to specify options with their default value where 9 # possible, but leave them commented. Uncommented options override the 10 # default value. 11 12 #Port 22 13 #AddressFamily any 14 #ListenAddress 0.0.0.0 15 #ListenAddress :: 16 17 #HostKey /etc/ssh/ssh_host_rsa_key 18 #HostKey /etc/ssh/ssh_host_ecdsa_key 19 #HostKey /etc/ssh/ssh_host_ed25519_key 20 21 # Ciphers and keying 22 #RekeyLimit default none 23 24 # Logging 25 #SyslogFacility AUTH 26 #LogLevel INFO 27 28 # Authentication: 29 30 # For slow CPUs, bumped from 2 minutes to 10 31 LoginGraceTime 600 32 #PermitRootLogin prohibit-password 33 #StrictModes yes 34 #MaxAuthTries 6 35 #MaxSessions 10 36 37 #PubkeyAuthentication yes 38 39 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 40 # but this is overridden so installations will only check .ssh/authorized_keys 41 AuthorizedKeysFile .ssh/authorized_keys 42 43 #AuthorizedPrincipalsFile none 44 45 #AuthorizedKeysCommand none 46 #AuthorizedKeysCommandUser nobody 47 48 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 49 #HostbasedAuthentication no 50 # Change to yes if you don't trust ~/.ssh/known_hosts for 51 # HostbasedAuthentication 52 #IgnoreUserKnownHosts no 53 # Don't read the user's ~/.rhosts and ~/.shosts files 54 #IgnoreRhosts yes 55 56 # To disable password authentication, set this and UsePAM to no 57 #PasswordAuthentication yes 58 #PermitEmptyPasswords no 59 60 # Change to no to disable s/key passwords 61 #ChallengeResponseAuthentication yes 62 63 #AllowAgentForwarding yes 64 #AllowTcpForwarding yes 65 #GatewayPorts no 66 #X11Forwarding no 67 # If you use xorg from pkgsrc then uncomment the following line. 68 #XAuthLocation /usr/pkg/bin/xauth 69 #X11DisplayOffset 10 70 #X11UseLocalhost yes 71 #PermitTTY yes 72 #PrintMotd yes 73 #PrintLastLog yes 74 #TCPKeepAlive yes 75 UsePAM yes 76 #PermitUserEnvironment no 77 #Compression delayed 78 #ClientAliveInterval 0 79 #ClientAliveCountMax 3 80 #UseDNS no 81 #PidFile /var/run/sshd.pid 82 #MaxStartups 10:30:100 83 #PermitTunnel no 84 #ChrootDirectory none 85 #VersionAddendum none 86 87 # no default banner path 88 #Banner none 89 90 # here are the new patched ldap related tokens 91 # entries in your LDAP must have posixAccount & ldapPublicKey objectclass 92 #UseLPK yes 93 #LpkLdapConf /etc/ldap.conf 94 #LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ 95 #LpkUserDN ou=users,dc=phear,dc=org 96 #LpkGroupDN ou=groups,dc=phear,dc=org 97 #LpkBindDN cn=Manager,dc=phear,dc=org 98 #LpkBindPw secret 99 #LpkServerGroup mail 100 #LpkFilter (hostAccess=master.phear.org) 101 #LpkForceTLS no 102 #LpkSearchTimelimit 3 103 #LpkBindTimelimit 3 104 #LpkPubKeyAttr sshPublicKey 105 106 # override default of no subsystems 107 Subsystem sftp /usr/libexec/sftp-server 108 109 # the following are HPN related configuration options 110 # tcp receive buffer polling. disable in non autotuning kernels 111 #TcpRcvBufPoll yes 112 113 # allow the use of the none cipher 114 #NoneEnabled no 115 116 # disable hpn performance boosts. 117 #HPNDisabled no 118 119 # buffer size for hpn to non-hpn connections 120 #HPNBufferSize 2048 121 122 # Example of overriding settings on a per-user basis 123 #Match User anoncvs 124 # X11Forwarding no 125 # AllowTcpForwarding no 126 # PermitTTY no 127 # ForceCommand cvs server 128
Indexes created Sat Apr 25 00:22:52 UTC 2026