sshd_config revision 1.4
1 # $NetBSD: sshd_config,v 1.4 2010/11/21 18:29:49 adam Exp $ 2 # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $ 3 4 # This is the sshd server system-wide configuration file. See 5 # sshd_config(5) for more information. 6 7 # The strategy used for options in the default sshd_config shipped with 8 # OpenSSH is to specify options with their default value where 9 # possible, but leave them commented. Uncommented options change a 10 # default value. 11 12 #Port 22 13 #AddressFamily any 14 #ListenAddress 0.0.0.0 15 #ListenAddress :: 16 17 # The default requires explicit activation of protocol 1 18 #Protocol 2 19 20 # HostKey for protocol version 1 21 #HostKey /etc/ssh/ssh_host_key 22 # HostKeys for protocol version 2 23 #HostKey /etc/ssh/ssh_host_rsa_key 24 #HostKey /etc/ssh/ssh_host_dsa_key 25 26 # Lifetime and size of ephemeral version 1 server key 27 #KeyRegenerationInterval 1h 28 #ServerKeyBits 1024 29 30 # Logging 31 # obsoletes QuietMode and FascistLogging 32 #SyslogFacility AUTH 33 #LogLevel INFO 34 35 # Authentication: 36 37 LoginGraceTime 600 38 #PermitRootLogin no 39 #StrictModes yes 40 #MaxAuthTries 6 41 #MaxSessions 10 42 43 #RSAAuthentication yes 44 #PubkeyAuthentication yes 45 #AuthorizedKeysFile .ssh/authorized_keys 46 47 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 48 #RhostsRSAAuthentication no 49 # similar for protocol version 2 50 #HostbasedAuthentication no 51 # Change to yes if you don't trust ~/.ssh/known_hosts for 52 # RhostsRSAAuthentication and HostbasedAuthentication 53 #IgnoreUserKnownHosts no 54 # Don't read the user's ~/.rhosts and ~/.shosts files 55 #IgnoreRhosts yes 56 57 # To disable tunneled clear text passwords, change to no here! 58 #PasswordAuthentication yes 59 #PermitEmptyPasswords no 60 61 # Change to no to disable s/key passwords 62 #ChallengeResponseAuthentication yes 63 64 # Kerberos options 65 #KerberosAuthentication no 66 #KerberosOrLocalPasswd yes 67 #KerberosTicketCleanup yes 68 #KerberosGetAFSToken no 69 70 # GSSAPI options 71 #GSSAPIAuthentication no 72 #GSSAPICleanupCredentials yes 73 74 #AllowAgentForwarding yes 75 #AllowTcpForwarding yes 76 #GatewayPorts no 77 #X11Forwarding no 78 # If you use xorg from pkgsrc then uncomment the following line. 79 #XAuthLocation /usr/pkg/bin/xauth 80 #X11DisplayOffset 10 81 #X11UseLocalhost yes 82 #PrintMotd yes 83 #PrintLastLog yes 84 #TCPKeepAlive yes 85 #UseLogin no 86 #UsePrivilegeSeparation yes 87 UsePam yes 88 #PermitUserEnvironment no 89 #Compression delayed 90 #ClientAliveInterval 0 91 #ClientAliveCountMax 3 92 #UseDNS yes 93 #PidFile /var/run/sshd.pid 94 #MaxStartups 10 95 #PermitTunnel no 96 #ChrootDirectory none 97 98 # no default banner path 99 #Banner none 100 101 # override default of no subsystems 102 Subsystem sftp /usr/libexec/sftp-server 103 104 # the following are HPN related configuration options 105 # tcp receive buffer polling. disable in non autotuning kernels 106 #TcpRcvBufPoll yes 107 108 # allow the use of the none cipher 109 #NoneEnabled no 110 111 # disable hpn performance boosts. 112 #HPNDisabled no 113 114 # buffer size for hpn to non-hpn connections 115 #HPNBufferSize 2048 116 117 118 # Example of overriding settings on a per-user basis 119 #Match User anoncvs 120 # X11Forwarding no 121 # AllowTcpForwarding no 122 # ForceCommand cvs server 123
Indexes created Mon Apr 27 00:23:16 UTC 2026