sshd_config

1. sasha@sasha-NtB:~$ ssh -l server ***.**.***.** -p 2234
2. server@***.**.***.**'s password:
3. Last login: Sun Sep 25 11:30:00 2011 from *.*.*.*
4. -bash-3.2$ sudo cat /etc/ssh/sshd_config
5. #   $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
6.  
7. # This is the sshd server system-wide configuration file.  See
8. # sshd_config(5) for more information.
9.  
10. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
11.  
12. # The strategy used for options in the default sshd_config shipped with
13. # OpenSSH is to specify options with their default value where
14. # possible, but leave them commented.  Uncommented options change a
15. # default value.
16.  
17. Port 2234
18. #Protocol 2,1
19. Protocol 2
20. #AddressFamily any
21. #ListenAddress 0.0.0.0
22. #ListenAddress ::
23.  
24. # HostKey for protocol version 1
25. #HostKey /etc/ssh/ssh_host_key
26. # HostKeys for protocol version 2
27. #HostKey /etc/ssh/ssh_host_rsa_key
28. #HostKey /etc/ssh/ssh_host_dsa_key
29.  
30. # Lifetime and size of ephemeral version 1 server key
31. #KeyRegenerationInterval 1h
32. #ServerKeyBits 768
33.  
34. # Logging
35. # obsoletes QuietMode and FascistLogging
36. #SyslogFacility AUTH
37. SyslogFacility AUTHPRIV
38. #LogLevel INFO
39.  
40. # Authentication:
41.  
42. #LoginGraceTime 2m
43. PermitRootLogin no
44. #StrictModes yes
45. MaxAuthTries 6
46.  
47. RSAAuthentication yes
48. PubkeyAuthentication yes
49. AuthorizedKeysFile  .ssh/authorized_keys
50.  
51. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
52. #RhostsRSAAuthentication no
53. # similar for protocol version 2
54. #HostbasedAuthentication no
55. # Change to yes if you don't trust ~/.ssh/known_hosts for
56. # RhostsRSAAuthentication and HostbasedAuthentication
57. #IgnoreUserKnownHosts no
58. # Don't read the user's ~/.rhosts and ~/.shosts files
59. #IgnoreRhosts yes
60.  
61. # To disable tunneled clear text passwords, change to no here!
62. #PasswordAuthentication yes
63. PermitEmptyPasswords no
64. PasswordAuthentication yes
65.  
66. # Change to no to disable s/key passwords
67. #ChallengeResponseAuthentication yes
68. ChallengeResponseAuthentication no
69.  
70. # Kerberos options
71. #KerberosAuthentication no
72. #KerberosOrLocalPasswd yes
73. #KerberosTicketCleanup yes
74. #KerberosGetAFSToken no
75.  
76. # GSSAPI options
77. #GSSAPIAuthentication no
78. GSSAPIAuthentication yes
79. #GSSAPICleanupCredentials yes
80. GSSAPICleanupCredentials yes
81.  
82. # Set this to 'yes' to enable PAM authentication, account processing,
83. # and session processing. If this is enabled, PAM authentication will
84. # be allowed through the ChallengeResponseAuthentication mechanism.
85. # Depending on your PAM configuration, this may bypass the setting of
86. # PasswordAuthentication, PermitEmptyPasswords, and
87. # "PermitRootLogin without-password". If you just want the PAM account and
88. # session checks to run without PAM authentication, then enable this but set
89. # ChallengeResponseAuthentication=no
90. #UsePAM no
91. UsePAM yes
92.  
93. # Accept locale-related environment variables
94. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
95. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
96. AcceptEnv LC_IDENTIFICATION LC_ALL
97. #AllowTcpForwarding yes
98. #GatewayPorts no
99. #X11Forwarding no
100. X11Forwarding yes
101. #X11DisplayOffset 10
102. #X11UseLocalhost yes
103. #PrintMotd yes
104. #PrintLastLog yes
105. #TCPKeepAlive yes
106. #UseLogin no
107. #UsePrivilegeSeparation yes
108. #PermitUserEnvironment no
109. #Compression delayed
110. #ClientAliveInterval 0
111. #ClientAliveCountMax 3
112. #ShowPatchLevel no
113. #UseDNS yes
114. #PidFile /var/run/sshd.pid
115. #MaxStartups 10
116. #PermitTunnel no
117. #ChrootDirectory none
118.  
119. # no default banner path
120. #Banner /some/path
121.  
122. # override default of no subsystems
123. Subsystem   sftp    /usr/libexec/openssh/sftp-server