# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $# This is the

1. # $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
2.  
3. # This is the sshd server system-wide configuration file. See
4. # sshd_config(5) for more information.
5.  
6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
7.  
8. # The strategy used for options in the default sshd_config shipped with
9. # OpenSSH is to specify options with their default value where
10. # possible, but leave them commented. Uncommented options change a
11. # default value.
12.  
13. Port 7813
14. AllowUsers MON_NOM_D_UTILISATEUR
15. #AddressFamily any
16. #ListenAddress 0.0.0.0
17. #ListenAddress ::
18.  
19. # The default requires explicit activation of protocol 1
20. #Protocol 2
21.  
22. # HostKey for protocol version 1
23. #HostKey /etc/ssh/ssh_host_key
24. # HostKeys for protocol version 2
25. #HostKey /etc/ssh/ssh_host_rsa_key
26. #HostKey /etc/ssh/ssh_host_dsa_key
27. #HostKey /etc/ssh/ssh_host_ecdsa_key
28.  
29. # Lifetime and size of ephemeral version 1 server key
30. #KeyRegenerationInterval 1h
31. #ServerKeyBits 1024
32.  
33. # Logging
34. # obsoletes QuietMode and FascistLogging
35. #SyslogFacility AUTH
36. #LogLevel INFO
37.  
38. # Authentication:
39.  
40. #LoginGraceTime 2m
41. PermitRootLogin no
42. #StrictModes yes
43. #MaxAuthTries 6
44. #MaxSessions 10
45.  
46. #RSAAuthentication yes
47. #PubkeyAuthentication yes
48. #AuthorizedKeysFile .ssh/authorized_keys
49.  
50. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
51. #RhostsRSAAuthentication no
52. # similar for protocol version 2
53. #HostbasedAuthentication no
54. # Change to yes if you don't trust ~/.ssh/known_hosts for
55. # RhostsRSAAuthentication and HostbasedAuthentication
56. #IgnoreUserKnownHosts no
57. # Don't read the user's ~/.rhosts and ~/.shosts files
58. #IgnoreRhosts yes
59.  
60. # To disable tunneled clear text passwords, change to no here!
61. PasswordAuthentication yes
62. #PermitEmptyPasswords no
63.  
64. # Change to no to disable s/key passwords
65. ChallengeResponseAuthentication no
66.  
67. # Kerberos options
68. #KerberosAuthentication no
69. #KerberosOrLocalPasswd yes
70. #KerberosTicketCleanup yes
71. #KerberosGetAFSToken no
72.  
73. # GSSAPI options
74. #GSSAPIAuthentication no
75. #GSSAPICleanupCredentials yes
76.  
77. # Set this to 'yes' to enable PAM authentication, account processing,
78. # and session processing. If this is enabled, PAM authentication will
79. # be allowed through the ChallengeResponseAuthentication and
80. # PasswordAuthentication. Depending on your PAM configuration,
81. # PAM authentication via ChallengeResponseAuthentication may bypass
82. # the setting of "PermitRootLogin without-password".
83. # If you just want the PAM account and session checks to run without
84. # PAM authentication, then enable this but set PasswordAuthentication
85. # and ChallengeResponseAuthentication to 'no'.
86. UsePAM yes
87.  
88. #AllowAgentForwarding yes
89. #AllowTcpForwarding yes
90. #GatewayPorts no
91. #X11Forwarding no
92. #X11DisplayOffset 10
93. #X11UseLocalhost yes
94. #PrintMotd yes
95. #PrintLastLog yes
96. #TCPKeepAlive yes
97. #UseLogin no
98. #UsePrivilegeSeparation yes
99. #PermitUserEnvironment no
100. #Compression delayed
101. #ClientAliveInterval 0
102. #ClientAliveCountMax 3
103. #UseDNS yes
104. #PidFile /var/run/sshd.pid
105. #MaxStartups 10
106. #PermitTunnel no
107. #ChrootDirectory none
108.  
109. # no default banner path
110. Banner /etc/ssh/message.txt
111.  
112. # override default of no subsystems
113. Subsystem sftp /usr/lib/ssh/sftp-server
114.  
115. # Example of overriding settings on a per-user basis
116. #Match User anoncvs
117. # X11Forwarding no
118. # AllowTcpForwarding no
119. # ForceCommand cvs server