API tools faq
paste
Advertisement
Guest User

sshd_config

a guest
Dec 9th, 2012
96
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.44 KB | None | 0 0
raw download clone embed print report
  1. # $OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $
  2.  
  3. # This is the sshd server system-wide configuration file. See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented. Uncommented options override the
  11. # default value.
  12.  
  13. #Port 22
  14. #AddressFamily any
  15. #ListenAddress 0.0.0.0
  16. #ListenAddress ::
  17.  
  18. # The default requires explicit activation of protocol 1
  19. #Protocol 2
  20.  
  21. # HostKey for protocol version 1
  22. #HostKey /etc/ssh/ssh_host_key
  23. # HostKeys for protocol version 2
  24. #HostKey /etc/ssh/ssh_host_rsa_key
  25. #HostKey /etc/ssh/ssh_host_dsa_key
  26. #HostKey /etc/ssh/ssh_host_ecdsa_key
  27.  
  28. # Lifetime and size of ephemeral version 1 server key
  29. #KeyRegenerationInterval 1h
  30. #ServerKeyBits 1024
  31.  
  32. # Logging
  33. # obsoletes QuietMode and FascistLogging
  34. #SyslogFacility AUTH
  35. #LogLevel INFO
  36.  
  37. # Authentication:
  38.  
  39. #LoginGraceTime 2m
  40. #PermitRootLogin yes
  41. #StrictModes yes
  42. MaxAuthTries 20
  43. #MaxSessions 10
  44.  
  45. #RSAAuthentication yes
  46. #PubkeyAuthentication yes
  47.  
  48. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  49. # but this is overridden so installations will only check .ssh/authorized_keys
  50. #AuthorizedKeysFile .ssh/authorized_keys
  51.  
  52. #AuthorizedPrincipalsFile none
  53.  
  54. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  55. #RhostsRSAAuthentication no
  56. # similar for protocol version 2
  57. #HostbasedAuthentication no
  58. # Change to yes if you don't trust ~/.ssh/known_hosts for
  59. # RhostsRSAAuthentication and HostbasedAuthentication
  60. #IgnoreUserKnownHosts no
  61. # Don't read the user's ~/.rhosts and ~/.shosts files
  62. #IgnoreRhosts yes
  63.  
  64. # To disable tunneled clear text passwords, change to no here!
  65. PasswordAuthentication yes
  66. #PermitEmptyPasswords no
  67. AllowUsers svetlov@*
  68. # Change to no to disable s/key passwords
  69. #ChallengeResponseAuthentication yes
  70.  
  71. # Kerberos options
  72. #KerberosAuthentication no
  73. #KerberosOrLocalPasswd yes
  74. #KerberosTicketCleanup yes
  75. #KerberosGetAFSToken no
  76.  
  77. # GSSAPI options
  78. #GSSAPIAuthentication no
  79. #GSSAPICleanupCredentials yes
  80. #GSSAPIStrictAcceptorCheck yes
  81.  
  82. # Set this to 'yes' to enable PAM authentication, account processing,
  83. # and session processing. If this is enabled, PAM authentication will
  84. # be allowed through the ChallengeResponseAuthentication and
  85. # PasswordAuthentication. Depending on your PAM configuration,
  86. # PAM authentication via ChallengeResponseAuthentication may bypass
  87. # the setting of "PermitRootLogin without-password".
  88. # If you just want the PAM account and session checks to run without
  89. # PAM authentication, then enable this but set PasswordAuthentication
  90. # and ChallengeResponseAuthentication to 'no'.
  91. UsePAM yes
  92.  
  93. #AllowAgentForwarding yes
  94. #AllowTcpForwarding yes
  95. #GatewayPorts no
  96. #X11Forwarding no
  97. #X11DisplayOffset 10
  98. #X11UseLocalhost yes
  99. PrintMotd no
  100. PrintLastLog no
  101. #TCPKeepAlive yes
  102. #UseLogin no
  103. UsePrivilegeSeparation sandbox # Default for new installations.
  104. #PermitUserEnvironment no
  105. #Compression delayed
  106. #ClientAliveInterval 0
  107. #ClientAliveCountMax 3
  108. #UseDNS yes
  109. #PidFile /var/run/sshd.pid
  110. #MaxStartups 10
  111. #PermitTunnel no
  112. #ChrootDirectory none
  113. #VersionAddendum none
  114.  
  115. # no default banner path
  116. #Banner none
  117.  
  118. # here are the new patched ldap related tokens
  119. # entries in your LDAP must have posixAccount & ldapPublicKey objectclass
  120. #UseLPK yes
  121. #LpkLdapConf /etc/ldap.conf
  122. #LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/
  123. #LpkUserDN ou=users,dc=phear,dc=org
  124. #LpkGroupDN ou=groups,dc=phear,dc=org
  125. #LpkBindDN cn=Manager,dc=phear,dc=org
  126. #LpkBindPw secret
  127. #LpkServerGroup mail
  128. #LpkFilter (hostAccess=master.phear.org)
  129. #LpkForceTLS no
  130. #LpkSearchTimelimit 3
  131. #LpkBindTimelimit 3
  132. #LpkPubKeyAttr sshPublicKey
  133.  
  134. # override default of no subsystems
  135. Subsystem sftp /usr/lib64/misc/sftp-server
  136.  
  137. # the following are HPN related configuration options
  138. # tcp receive buffer polling. disable in non autotuning kernels
  139. #TcpRcvBufPoll yes
  140.  
  141. # allow the use of the none cipher
  142. #NoneEnabled no
  143.  
  144. # disable hpn performance boosts.
  145. #HPNDisabled no
  146.  
  147. # buffer size for hpn to non-hpn connections
  148. #HPNBufferSize 2048
  149.  
  150.  
  151. # Example of overriding settings on a per-user basis
  152. #Match User anoncvs
  153. # X11Forwarding no
  154. # AllowTcpForwarding no
  155. # ForceCommand cvs server
  156.  
  157. # Allow client to pass locale environment variables #367017
  158. AcceptEnv LANG LC_*
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!