sshd_config revision 1.5
1 # $NetBSD: sshd_config,v 1.5 2010/11/21 18:59:04 adam Exp $ 2 # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $ 3 4 # This is the sshd server system-wide configuration file. See 5 # sshd_config(5) for more information. 6 7 # The strategy used for options in the default sshd_config shipped with 8 # OpenSSH is to specify options with their default value where 9 # possible, but leave them commented. Uncommented options change a 10 # default value. 11 12 #Port 22 13 #AddressFamily any 14 #ListenAddress 0.0.0.0 15 #ListenAddress :: 16 17 # The default requires explicit activation of protocol 1 18 #Protocol 2 19 20 # HostKey for protocol version 1 21 #HostKey /etc/ssh/ssh_host_key 22 # HostKeys for protocol version 2 23 #HostKey /etc/ssh/ssh_host_rsa_key 24 #HostKey /etc/ssh/ssh_host_dsa_key 25 26 # Lifetime and size of ephemeral version 1 server key 27 #KeyRegenerationInterval 1h 28 #ServerKeyBits 1024 29 30 # Logging 31 # obsoletes QuietMode and FascistLogging 32 #SyslogFacility AUTH 33 #LogLevel INFO 34 35 # Authentication: 36 37 LoginGraceTime 600 38 #PermitRootLogin no 39 #StrictModes yes 40 #MaxAuthTries 6 41 #MaxSessions 10 42 43 #RSAAuthentication yes 44 #PubkeyAuthentication yes 45 #AuthorizedKeysFile .ssh/authorized_keys 46 47 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 48 #RhostsRSAAuthentication no 49 # similar for protocol version 2 50 #HostbasedAuthentication no 51 # Change to yes if you don't trust ~/.ssh/known_hosts for 52 # RhostsRSAAuthentication and HostbasedAuthentication 53 #IgnoreUserKnownHosts no 54 # Don't read the user's ~/.rhosts and ~/.shosts files 55 #IgnoreRhosts yes 56 57 # To disable tunneled clear text passwords, change to no here! 58 #PasswordAuthentication yes 59 #PermitEmptyPasswords no 60 61 # Change to no to disable s/key passwords 62 #ChallengeResponseAuthentication yes 63 64 # Kerberos options 65 #KerberosAuthentication no 66 #KerberosOrLocalPasswd yes 67 #KerberosTicketCleanup yes 68 #KerberosGetAFSToken no 69 70 # GSSAPI options 71 #GSSAPIAuthentication no 72 #GSSAPICleanupCredentials yes 73 74 #AllowAgentForwarding yes 75 #AllowTcpForwarding yes 76 #GatewayPorts no 77 #X11Forwarding no 78 # If you use xorg from pkgsrc then uncomment the following line. 79 #XAuthLocation /usr/pkg/bin/xauth 80 #X11DisplayOffset 10 81 #X11UseLocalhost yes 82 #PrintMotd yes 83 #PrintLastLog yes 84 #TCPKeepAlive yes 85 #UseLogin no 86 #UsePrivilegeSeparation yes 87 UsePam yes 88 #PermitUserEnvironment no 89 #Compression delayed 90 #ClientAliveInterval 0 91 #ClientAliveCountMax 3 92 #UseDNS yes 93 #PidFile /var/run/sshd.pid 94 #MaxStartups 10 95 #PermitTunnel no 96 #ChrootDirectory none 97 98 # no default banner path 99 #Banner none 100 101 # here are the new patched ldap related tokens 102 # entries in your LDAP must have posixAccount & ldapPublicKey objectclass 103 #UseLPK yes 104 #LpkLdapConf /etc/ldap.conf 105 #LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ 106 #LpkUserDN ou=users,dc=phear,dc=org 107 #LpkGroupDN ou=groups,dc=phear,dc=org 108 #LpkBindDN cn=Manager,dc=phear,dc=org 109 #LpkBindPw secret 110 #LpkServerGroup mail 111 #LpkFilter (hostAccess=master.phear.org) 112 #LpkForceTLS no 113 #LpkSearchTimelimit 3 114 #LpkBindTimelimit 3 115 #LpkPubKeyAttr sshPublicKey 116 117 # override default of no subsystems 118 Subsystem sftp /usr/libexec/sftp-server 119 120 # the following are HPN related configuration options 121 # tcp receive buffer polling. disable in non autotuning kernels 122 #TcpRcvBufPoll yes 123 124 # allow the use of the none cipher 125 #NoneEnabled no 126 127 # disable hpn performance boosts. 128 #HPNDisabled no 129 130 # buffer size for hpn to non-hpn connections 131 #HPNBufferSize 2048 132 133 134 # Example of overriding settings on a per-user basis 135 #Match User anoncvs 136 # X11Forwarding no 137 # AllowTcpForwarding no 138 # ForceCommand cvs server 139
Indexes created Tue May 05 00:25:04 UTC 2026