API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 1st, 2011
182
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.08 KB | None | 0 0
raw download clone embed print report
  1. # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
  2.  
  3. # This is the sshd server system-wide configuration file. See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented. Uncommented options change a
  11. # default value.
  12.  
  13. #Port 22
  14. #AddressFamily any
  15. #ListenAddress 0.0.0.0
  16.  
  17. # The default requires explicit activation of protocol 1
  18. #Protocol 2
  19.  
  20. # HostKey for protocol version 1
  21. #HostKey /etc/ssh/ssh_host_key
  22. # HostKeys for protocol version 2
  23. #HostKey /etc/ssh/ssh_host_rsa_key
  24. #HostKey /etc/ssh/ssh_host_dsa_key
  25.  
  26. # Lifetime and size of ephemeral version 1 server key
  27. #KeyRegenerationInterval 1h
  28. #ServerKeyBits 1024
  29.  
  30. # Logging
  31. # obsoletes QuietMode and FascistLogging
  32. #SyslogFacility AUTH
  33. LogLevel VERBOSE
  34.  
  35. # Authentication:
  36.  
  37. #LoginGraceTime 2m
  38. PermitRootLogin yes
  39. #StrictModes yes
  40. MaxAuthTries 6
  41. #MaxSessions 10
  42.  
  43. #RSAAuthentication yes
  44. #PubkeyAuthentication yes
  45. #AuthorizedKeysFile .ssh/authorized_keys
  46.  
  47. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  48. #RhostsRSAAuthentication no
  49. # similar for protocol version 2
  50. #HostbasedAuthentication no
  51. # Change to yes if you don't trust ~/.ssh/known_hosts for
  52. # RhostsRSAAuthentication and HostbasedAuthentication
  53. #IgnoreUserKnownHosts no
  54. # Don't read the user's ~/.rhosts and ~/.shosts files
  55. #IgnoreRhosts yes
  56.  
  57. # To disable tunneled clear text passwords, change to no here!
  58. PasswordAuthentication yes
  59. #PermitEmptyPasswords no
  60.  
  61. # Change to no to disable s/key passwords
  62. #ChallengeResponseAuthentication yes
  63.  
  64. # Kerberos options
  65. #KerberosAuthentication no
  66. #KerberosOrLocalPasswd yes
  67. #KerberosTicketCleanup yes
  68. #KerberosGetAFSToken no
  69.  
  70. # GSSAPI options
  71. #GSSAPIAuthentication no
  72. #GSSAPICleanupCredentials yes
  73.  
  74. # Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
  75. # mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
  76. # in this release. The use of 'gssapi' is deprecated due to the presence of
  77. # potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
  78. #GSSAPIEnableMITMAttack no
  79.  
  80.  
  81. # Set this to 'yes' to enable PAM authentication, account processing,
  82. # and session processing. If this is enabled, PAM authentication will
  83. # be allowed through the ChallengeResponseAuthentication and
  84. # PasswordAuthentication. Depending on your PAM configuration,
  85. # PAM authentication via ChallengeResponseAuthentication may bypass
  86. # the setting of "PermitRootLogin without-password".
  87. # If you just want the PAM account and session checks to run without
  88. # PAM authentication, then enable this but set PasswordAuthentication
  89. # and ChallengeResponseAuthentication to 'no'.
  90. UsePAM yes
  91.  
  92. #AllowAgentForwarding yes
  93. #AllowTcpForwarding yes
  94. #GatewayPorts no
  95. #X11Forwarding yes
  96. #X11DisplayOffset 10
  97. #X11UseLocalhost yes
  98. #PrintMotd yes
  99. #PrintLastLog yes
  100. #TCPKeepAlive yes
  101. #UseLogin no
  102. #UsePrivilegeSeparation yes
  103. #PermitUserEnvironment no
  104. #Compression delayed
  105. #ClientAliveInterval 0
  106. #ClientAliveCountMax 3
  107. #UseDNS yes
  108. #PidFile /var/run/sshd.pid
  109. #MaxStartups 10
  110. #PermitTunnel no
  111. #ChrootDirectory none
  112.  
  113. # no default banner path
  114. #Banner none
  115.  
  116. # override default of no subsystems
  117. #Subsystem sftp /usr/lib64/ssh/sftp-server
  118. Subsystem sftp internal-sftp
  119.  
  120. # This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
  121. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  122. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  123. AcceptEnv LC_IDENTIFICATION LC_ALL
  124.  
  125. # Example of overriding settings on a per-user basis
  126. #Match User anoncvs
  127. # X11Forwarding no
  128. # AllowTcpForwarding no
  129. # ForceCommand cvs server
  130.  
  131. Match group sftponly
  132. ChrootDirectory /u/chroot/%u
  133. X11Forwarding no
  134. AllowTcpForwarding no
  135. PasswordAuthentication yes
  136. ForceCommand internal-sftp
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!