sshd

1. #       $OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $
2.  
3. # This is the sshd server system-wide configuration file.  See
4. # sshd_config(5) for more information.
5.  
6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
7.  
8. # The strategy used for options in the default sshd_config shipped with
9. # OpenSSH is to specify options with their default value where
10. # possible, but leave them commented.  Uncommented options override the
11. # default value.
12.  
13. Port 22
14. #AddressFamily any
15. #ListenAddress 0.0.0.0
16. #ListenAddress ::
17.  
18. # The default requires explicit activation of protocol 1
19. #Protocol 2
20.  
21. # HostKey for protocol version 1
22. #HostKey /etc/ssh/ssh_host_key
23. # HostKeys for protocol version 2
24. #HostKey /etc/ssh/ssh_host_rsa_key
25. #HostKey /etc/ssh/ssh_host_dsa_key
26. #HostKey /etc/ssh/ssh_host_ecdsa_key
27.  
28. # Lifetime and size of ephemeral version 1 server key
29. #KeyRegenerationInterval 1h
30. #ServerKeyBits 1024
31.  
32. # Logging
33. # obsoletes QuietMode and FascistLogging
34. #SyslogFacility AUTH
35. #LogLevel INFO
36.  
37. # Authentication:
38.  
39. #LoginGraceTime 2m
40. #PermitRootLogin yes
41. #StrictModes yes
42. #MaxAuthTries 6
43. #MaxSessions 10
44.  
45. #RSAAuthentication yes
46. #PubkeyAuthentication yes
47.  
48. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
49. # but this is overridden so installations will only check .ssh/authorized_keys
50. AuthorizedKeysFile      .ssh/authorized_keys
51.  
52. #AuthorizedPrincipalsFile none
53.  
54. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
55. #RhostsRSAAuthentication no
56. # similar for protocol version 2
57. #HostbasedAuthentication no
58. # Change to yes if you don't trust ~/.ssh/known_hosts for
59. # RhostsRSAAuthentication and HostbasedAuthentication
60. #IgnoreUserKnownHosts no
61. # Don't read the user's ~/.rhosts and ~/.shosts files
62. #IgnoreRhosts yes
63.  
64. # To disable tunneled clear text passwords, change to no here!
65. #PasswordAuthentication yes
66. #PermitEmptyPasswords no
67.  
68. # Change to no to disable s/key passwords
69. ChallengeResponseAuthentication no
70.  
71. # Kerberos options
72. #KerberosAuthentication no
73. #KerberosOrLocalPasswd yes
74. #KerberosTicketCleanup yes
75. #KerberosGetAFSToken no
76.  
77. # GSSAPI options
78. #GSSAPIAuthentication no
79. #GSSAPICleanupCredentials yes
80.  
81. # Set this to 'yes' to enable PAM authentication, account processing,
82. # and session processing. If this is enabled, PAM authentication will
83. # be allowed through the ChallengeResponseAuthentication and
84. # PasswordAuthentication.  Depending on your PAM configuration,
85. # PAM authentication via ChallengeResponseAuthentication may bypass
86. # the setting of "PermitRootLogin without-password".
87. # If you just want the PAM account and session checks to run without
88. # PAM authentication, then enable this but set PasswordAuthentication
89. # and ChallengeResponseAuthentication to 'no'.
90. UsePAM yes
91.  
92. #AllowAgentForwarding yes
93. #AllowTcpForwarding yes
94. #GatewayPorts no
95. #X11Forwarding no
96. #X11DisplayOffset 10
97. #X11UseLocalhost yes
98. #PrintMotd yes
99. #PrintLastLog yes
100. #TCPKeepAlive yes
101. #UseLogin no
102. UsePrivilegeSeparation sandbox          # Default for new installations.
103. #PermitUserEnvironment no
104. #Compression delayed
105. #ClientAliveInterval 0
106. #ClientAliveCountMax 3
107. #UseDNS yes
108. #PidFile /run/sshd.pid
109. #MaxStartups 10
110. #PermitTunnel no
111. #ChrootDirectory none
112. #VersionAddendum none
113.  
114. # no default banner path
115. #Banner none
116.  
117. # override default of no subsystems
118. Subsystem       sftp    /usr/lib/ssh/sftp-server
119.  
120. # Example of overriding settings on a per-user basis
121. #Match User anoncvs
122. #       X11Forwarding no
123. #       AllowTcpForwarding no
124. #       ForceCommand cvs server