#Port 22#AddressFamily any#ListenAddress 0.0.0.0#ListenAddress ::# Dis

1. #Port 22
2. #AddressFamily any
3. #ListenAddress 0.0.0.0
4. #ListenAddress ::
5.  
6. # Disable legacy (protocol version 1) support in the server for new
7. # installations. In future the default will change to require explicit
8. # activation of protocol 1
9. Protocol 2
10.  
11. # HostKey for protocol version 1
12. #HostKey /etc/ssh/ssh_host_key
13. # HostKeys for protocol version 2
14. #HostKey /etc/ssh/ssh_host_rsa_key
15. #HostKey /etc/ssh/ssh_host_dsa_key
16.  
17. # Lifetime and size of ephemeral version 1 server key
18. #KeyRegenerationInterval 1h
19. #ServerKeyBits 1024
20.  
21. # Logging
22. # obsoletes QuietMode and FascistLogging
23. #SyslogFacility AUTH
24. SyslogFacility AUTHPRIV
25. #LogLevel INFO
26.  
27. # Authentication:
28.  
29. #LoginGraceTime 2m
30. #PermitRootLogin yes
31. #StrictModes yes
32. #MaxAuthTries 6
33. #MaxSessions 10
34.  
35. #RSAAuthentication yes
36. #PubkeyAuthentication yes
37. #AuthorizedKeysFile .ssh/authorized_keys
38. #AuthorizedKeysCommand none
39. #AuthorizedKeysCommandRunAs nobody
40.  
41. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
42. #RhostsRSAAuthentication no
43. # similar for protocol version 2
44. #HostbasedAuthentication no
45. # Change to yes if you don't trust ~/.ssh/known_hosts for
46. # RhostsRSAAuthentication and HostbasedAuthentication
47. #IgnoreUserKnownHosts no
48. # Don't read the user's ~/.rhosts and ~/.shosts files
49. #IgnoreRhosts yes
50.  
51. # To disable tunneled clear text passwords, change to no here!
52. #PasswordAuthentication yes
53. #PermitEmptyPasswords no
54. PasswordAuthentication yes
55.  
56. # Change to no to disable s/key passwords
57. #ChallengeResponseAuthentication yes
58. ChallengeResponseAuthentication no
59.  
60. # Kerberos options
61. #KerberosAuthentication no
62. #KerberosOrLocalPasswd yes
63. #KerberosTicketCleanup yes
64. #KerberosGetAFSToken no
65.  
66. # GSSAPI options
67. #GSSAPIAuthentication no
68. GSSAPIAuthentication yes
69. #GSSAPICleanupCredentials yes
70. GSSAPICleanupCredentials yes
71. #GSSAPIStrictAcceptorCheck yes
72. #GSSAPIKeyExchange no
73.  
74. # Set this to 'yes' to enable PAM authentication, account processing,
75. # and session processing. If this is enabled, PAM authentication will
76. # be allowed through the ChallengeResponseAuthentication and
77. # PasswordAuthentication. Depending on your PAM configuration,
78. # PAM authentication via ChallengeResponseAuthentication may bypass
79. # the setting of "PermitRootLogin without-password".
80. # If you just want the PAM account and session checks to run without
81. # PAM authentication, then enable this but set PasswordAuthentication
82. # and ChallengeResponseAuthentication to 'no'.
83. #UsePAM no
84. UsePAM yes
85.  
86. # Accept locale-related environment variables
87. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
88. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
89. AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
90. AcceptEnv XMODIFIERS
91.  
92. #AllowAgentForwarding yes
93. #AllowTcpForwarding yes
94. #GatewayPorts no
95. #X11Forwarding no
96. X11Forwarding yes
97. #X11DisplayOffset 10
98. #X11UseLocalhost yes
99. #PrintMotd yes
100. #PrintLastLog yes
101. #TCPKeepAlive yes
102. #UseLogin no
103. #UsePrivilegeSeparation yes
104. #PermitUserEnvironment no
105. #Compression delayed
106. #ClientAliveInterval 0
107. #ClientAliveCountMax 3
108. #ShowPatchLevel no
109. #UseDNS yes
110. #PidFile /var/run/sshd.pid
111. #MaxStartups 10
112. #PermitTunnel no
113. #ChrootDirectory none
114.  
115. # no default banner path
116. #Banner none
117.  
118. # override default of no subsystems
119. Subsystem sftp /usr/libexec/openssh/sftp-server
120.  
121. # Example of overriding settings on a per-user basis
122. #Match User anoncvs
123. # X11Forwarding no
124. # AllowTcpForwarding no
125. # ForceCommand cvs server
126.  
127. AllowUsers webvis
128. AllowUSers dongzongssh