API tools faq
paste
Advertisement
fame220

sshd_config

fame220
Aug 9th, 2013
295
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.74 KB | None | 0 0
raw download clone embed print report
  1. # $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $
  2.  
  3. # This is the sshd server system-wide configuration file. See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented. Uncommented options override the
  11. # default value.
  12.  
  13. Port 22
  14. #AddressFamily any
  15. ListenAddress xx.xxx.xxx.xxx
  16. #ListenAddress ::
  17.  
  18. # The default requires explicit activation of protocol 1
  19. Protocol 2
  20.  
  21. # HostKey for protocol version 1
  22. #HostKey /etc/ssh/ssh_host_key
  23. # HostKeys for protocol version 2
  24. HostKey /etc/ssh/ssh_host_rsa_key
  25. HostKey /etc/ssh/ssh_host_dsa_key
  26. #HostKey /etc/ssh/ssh_host_ecdsa_key
  27.  
  28. # Lifetime and size of ephemeral version 1 server key
  29. KeyRegenerationInterval 1h
  30. ServerKeyBits 1024
  31.  
  32. # Logging
  33. # obsoletes QuietMode and FascistLogging
  34. SyslogFacility AUTH
  35. LogLevel INFO
  36.  
  37. # Authentication:
  38.  
  39. LoginGraceTime 2m
  40. PermitRootLogin yes
  41. StrictModes yes
  42. MaxAuthTries 3
  43. MaxSessions 1
  44.  
  45. RSAAuthentication yes
  46. PubkeyAuthentication yes
  47.  
  48. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  49. # but this is overridden so installations will only check .ssh/authorized_keys
  50. #AuthorizedKeysFile .ssh/authorized_keys
  51.  
  52. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  53. #RhostsRSAAuthentication no
  54. # similar for protocol version 2
  55. #HostbasedAuthentication no
  56. # Change to yes if you don't trust ~/.ssh/known_hosts for
  57. # RhostsRSAAuthentication and HostbasedAuthentication
  58. #IgnoreUserKnownHosts no
  59. # Don't read the user's ~/.rhosts and ~/.shosts files
  60. #IgnoreRhosts yes
  61.  
  62. # To disable tunneled clear text passwords, change to no here!
  63. PasswordAuthentication no
  64. PermitEmptyPasswords no
  65.  
  66. # Change to no to disable s/key passwords
  67. #ChallengeResponseAuthentication yes
  68.  
  69. # Kerberos options
  70. #KerberosAuthentication no
  71. #KerberosOrLocalPasswd yes
  72. #KerberosTicketCleanup yes
  73. #KerberosGetAFSToken no
  74.  
  75. # GSSAPI options
  76. #GSSAPIAuthentication no
  77. #GSSAPICleanupCredentials yes
  78. #GSSAPIStrictAcceptorCheck yes
  79.  
  80. # Set this to 'yes' to enable PAM authentication, account processing,
  81. # and session processing. If this is enabled, PAM authentication will
  82. # be allowed through the ChallengeResponseAuthentication and
  83. # PasswordAuthentication. Depending on your PAM configuration,
  84. # PAM authentication via ChallengeResponseAuthentication may bypass
  85. # the setting of "PermitRootLogin without-password".
  86. # If you just want the PAM account and session checks to run without
  87. # PAM authentication, then enable this but set PasswordAuthentication
  88. # and ChallengeResponseAuthentication to 'no'.
  89. UsePAM yes
  90.  
  91. #AllowAgentForwarding yes
  92. #AllowTcpForwarding yes
  93. #GatewayPorts no
  94. #X11Forwarding no
  95. #X11DisplayOffset 10
  96. #X11UseLocalhost yes
  97. PrintMotd no
  98. PrintLastLog no
  99. TCPKeepAlive yes
  100. #UseLogin no
  101. #UsePrivilegeSeparation yes
  102. #PermitUserEnvironment no
  103. #Compression delayed
  104. #ClientAliveInterval 0
  105. #ClientAliveCountMax 3
  106. #UseDNS yes
  107. PidFile /var/run/sshd.pid
  108. #MaxStartups 10
  109. #PermitTunnel no
  110. #ChrootDirectory none
  111.  
  112. # no default banner path
  113. #Banner none
  114.  
  115. # override default of no subsystems
  116. Subsystem sftp /usr/lib64/misc/sftp-server
  117.  
  118. # the following are HPN related configuration options
  119. # tcp receive buffer polling. disable in non autotuning kernels
  120. #TcpRcvBufPoll yes
  121.  
  122. # allow the use of the none cipher
  123. #NoneEnabled no
  124.  
  125. # disable hpn performance boosts.
  126. #HPNDisabled no
  127.  
  128. # buffer size for hpn to non-hpn connections
  129. #HPNBufferSize 2048
  130.  
  131.  
  132. # Example of overriding settings on a per-user basis
  133. #Match User anoncvs
  134. # X11Forwarding no
  135. # AllowTcpForwarding no
  136. # ForceCommand cvs server
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!