sshd_config

1. # sshd_config
2. # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
3.  
4. # This is the sshd server system-wide configuration file. See
5. # sshd_config(5) for more information.
6.  
7. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
8.  
9. # The strategy used for options in the default sshd_config shipped with
10. # OpenSSH is to specify options with their default value where
11. # possible, but leave them commented. Uncommented options change a
12. # default value.
13.  
14. #Port 22
15. #Protocol 2,1
16. Protocol 2
17. #AddressFamily any
18. #ListenAddress 0.0.0.0
19. #ListenAddress ::
20.  
21. # HostKey for protocol version 1
22. #HostKey /etc/ssh/ssh_host_key
23. # HostKeys for protocol version 2
24. #HostKey /etc/ssh/ssh_host_rsa_key
25. #HostKey /etc/ssh/ssh_host_dsa_key
26.  
27. # Lifetime and size of ephemeral version 1 server key
28. #KeyRegenerationInterval 1h
29. #ServerKeyBits 768
30.  
31. # Logging
32. # obsoletes QuietMode and FascistLogging
33. #SyslogFacility AUTH
34. SyslogFacility AUTHPRIV
35. #LogLevel INFO
36.  
37. # Authentication:
38.  
39. #LoginGraceTime 2m
40. #PermitRootLogin yes
41. #StrictModes yes
42. #MaxAuthTries 6
43.  
44. #RSAAuthentication yes
45. #PubkeyAuthentication yes
46. #AuthorizedKeysFile .ssh/authorized_keys
47.  
48. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
49. #RhostsRSAAuthentication no
50. # similar for protocol version 2
51. #HostbasedAuthentication no
52. # Change to yes if you don't trust ~/.ssh/known_hosts for
53. # RhostsRSAAuthentication and HostbasedAuthentication
54. #IgnoreUserKnownHosts no
55. # Don't read the user's ~/.rhosts and ~/.shosts files
56. #IgnoreRhosts yes
57.  
58. # To disable tunneled clear text passwords, change to no here!
59. #PasswordAuthentication yes
60. #PermitEmptyPasswords no
61. PasswordAuthentication yes
62.  
63. # Change to no to disable s/key passwords
64. #ChallengeResponseAuthentication yes
65. ChallengeResponseAuthentication yes
66.  
67. # Kerberos options
68. #KerberosAuthentication no
69. #KerberosOrLocalPasswd yes
70. #KerberosTicketCleanup yes
71. #KerberosGetAFSToken no
72.  
73. # GSSAPI options
74. #GSSAPIAuthentication no
75. GSSAPIAuthentication yes
76. #GSSAPICleanupCredentials yes
77. GSSAPICleanupCredentials yes
78.  
79. # Set this to 'yes' to enable PAM authentication, account processing,
80. # and session processing. If this is enabled, PAM authentication will
81. # be allowed through the ChallengeResponseAuthentication mechanism.
82. # Depending on your PAM configuration, this may bypass the setting of
83. # PasswordAuthentication, PermitEmptyPasswords, and
84. # "PermitRootLogin without-password". If you just want the PAM account and
85. # session checks to run without PAM authentication, then enable this but set
86. # ChallengeResponseAuthentication=no
87. #UsePAM no
88. UsePAM yes
89.  
90. # Accept locale-related environment variables
91. AcceptEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
92. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
93. AcceptEnv LC_IDENTIFICATION LC_ALL
94. #AllowTcpForwarding yes
95. #GatewayPorts no
96. #X11Forwarding no
97. X11Forwarding yes
98. #X11DisplayOffset 10
99. #X11UseLocalhost yes
100. #PrintMotd yes
101. #PrintLastLog yes
102. #TCPKeepAlive yes
103. #UseLogin no
104. #UsePrivilegeSeparation yes
105. #PermitUserEnvironment no
106. #Compression delayed
107. #ClientAliveInterval 0
108. #ClientAliveCountMax 3
109. #ShowPatchLevel no
110. #UseDNS yes
111. #PidFile /var/run/sshd.pid
112. #MaxStartups 10
113. #PermitTunnel no
114. #ChrootDirectory none
115.  
116. # no default banner path
117. #Banner /some/path
118.  
119. # override default of no subsystems
120. Subsystem sftp /usr/libexec/openssh/sftp-server
121.  
122. ## EOF sshd_config