sshd_config revision 1.3
1 # $NetBSD: sshd_config,v 1.3 2009/08/17 22:58:28 dyoung Exp $ 2 # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ 3 4 # This is the sshd server system-wide configuration file. See 5 # sshd_config(5) for more information. 6 7 # The strategy used for options in the default sshd_config shipped with 8 # OpenSSH is to specify options with their default value where 9 # possible, but leave them commented. Uncommented options change a 10 # default value. 11 12 #Port 22 13 #AddressFamily any 14 #ListenAddress 0.0.0.0 15 #ListenAddress :: 16 17 # Disable legacy (protocol version 1) support in the server for new 18 # installations. In future the default will change to require explicit 19 # activation of protocol 1 20 Protocol 2 21 22 # HostKey for protocol version 1 23 #HostKey /etc/ssh/ssh_host_key 24 # HostKeys for protocol version 2 25 #HostKey /etc/ssh/ssh_host_rsa_key 26 #HostKey /etc/ssh/ssh_host_dsa_key 27 28 # Lifetime and size of ephemeral version 1 server key 29 #KeyRegenerationInterval 1h 30 #ServerKeyBits 1024 31 32 # Logging 33 # obsoletes QuietMode and FascistLogging 34 #SyslogFacility AUTH 35 #LogLevel INFO 36 37 # Authentication: 38 39 LoginGraceTime 600 40 #PermitRootLogin no 41 #StrictModes yes 42 #MaxAuthTries 6 43 #MaxSessions 10 44 45 #RSAAuthentication yes 46 #PubkeyAuthentication yes 47 #AuthorizedKeysFile .ssh/authorized_keys 48 49 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 50 #RhostsRSAAuthentication no 51 # similar for protocol version 2 52 #HostbasedAuthentication no 53 # Change to yes if you don't trust ~/.ssh/known_hosts for 54 # RhostsRSAAuthentication and HostbasedAuthentication 55 #IgnoreUserKnownHosts no 56 # Don't read the user's ~/.rhosts and ~/.shosts files 57 #IgnoreRhosts yes 58 59 # To disable tunneled clear text passwords, change to no here! 60 #PasswordAuthentication yes 61 #PermitEmptyPasswords no 62 63 # Change to no to disable s/key passwords 64 #ChallengeResponseAuthentication yes 65 66 # Kerberos options 67 #KerberosAuthentication no 68 #KerberosOrLocalPasswd yes 69 #KerberosTicketCleanup yes 70 #KerberosGetAFSToken no 71 72 # GSSAPI options 73 #GSSAPIAuthentication no 74 #GSSAPICleanupCredentials yes 75 76 #AllowAgentForwarding yes 77 #AllowTcpForwarding yes 78 #GatewayPorts no 79 #X11Forwarding no 80 # If you use xorg from pkgsrc then uncomment the following line. 81 #XAuthLocation /usr/pkg/bin/xauth 82 #X11DisplayOffset 10 83 #X11UseLocalhost yes 84 #PrintMotd yes 85 #PrintLastLog yes 86 #TCPKeepAlive yes 87 #UseLogin no 88 #UsePrivilegeSeparation yes 89 UsePam yes 90 #PermitUserEnvironment no 91 #Compression delayed 92 #ClientAliveInterval 0 93 #ClientAliveCountMax 3 94 #UseDNS yes 95 #PidFile /var/run/sshd.pid 96 #MaxStartups 10 97 #PermitTunnel no 98 #ChrootDirectory none 99 100 # no default banner path 101 #Banner none 102 103 # override default of no subsystems 104 Subsystem sftp /usr/libexec/sftp-server 105 106 # the following are HPN related configuration options 107 # tcp receive buffer polling. disable in non autotuning kernels 108 #TcpRcvBufPoll yes 109 110 # allow the use of the none cipher 111 #NoneEnabled no 112 113 # disable hpn performance boosts. 114 #HPNDisabled no 115 116 # buffer size for hpn to non-hpn connections 117 #HPNBufferSize 2048 118 119 120 # Example of overriding settings on a per-user basis 121 #Match User anoncvs 122 # X11Forwarding no 123 # AllowTcpForwarding no 124 # ForceCommand cvs server 125
Indexes created Sat Apr 25 00:22:52 UTC 2026