API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 1st, 2017
113
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.00 KB | None | 0 0
raw download clone embed print report
  1. $ cat /etc/ssh/sshd_config
  2. # $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
  3. # $FreeBSD: releng/10.3/crypto/openssh/sshd_config 296853 2016-03-14 13:05:13Z des $
  4.  
  5. # This is the sshd server system-wide configuration file. See
  6. # sshd_config(5) for more information.
  7.  
  8. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  9.  
  10. # The strategy used for options in the default sshd_config shipped with
  11. # OpenSSH is to specify options with their default value where
  12. # possible, but leave them commented. Uncommented options override the
  13. # default value.
  14.  
  15. # Note that some of FreeBSD's defaults differ from OpenBSD's, and
  16. # FreeBSD has a few additional options.
  17.  
  18. Port 8895
  19. AddressFamily any
  20. #ListenAddress 0.0.0.0
  21. ListenAddress 192.168.1.100
  22.  
  23. # The default requires explicit activation of protocol 1
  24. Protocol 2
  25.  
  26. # HostKey for protocol version 1
  27. #HostKey /etc/ssh/ssh_host_key
  28. # HostKeys for protocol version 2
  29. #HostKey /etc/ssh/ssh_host_rsa_key
  30. #HostKey /etc/ssh/ssh_host_dsa_key
  31. #HostKey /etc/ssh/ssh_host_ecdsa_key
  32. #HostKey /etc/ssh/ssh_host_ed25519_key
  33.  
  34. # Lifetime and size of ephemeral version 1 server key
  35. #KeyRegenerationInterval 1h
  36. #ServerKeyBits 1024
  37.  
  38. # Ciphers and keying
  39. #RekeyLimit default none
  40.  
  41. # Logging
  42. # obsoletes QuietMode and FascistLogging
  43. SyslogFacility AUTH
  44. LogLevel DEBUG3
  45.  
  46. # Authentication:
  47.  
  48. #LoginGraceTime 2m
  49. PermitRootLogin no
  50. #StrictModes yes
  51. #MaxAuthTries 6
  52. MaxSessions 10
  53.  
  54. #RSAAuthentication yes
  55. #PubkeyAuthentication yes
  56.  
  57. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  58. #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
  59.  
  60. #AuthorizedPrincipalsFile none
  61.  
  62. #AuthorizedKeysCommand none
  63. #AuthorizedKeysCommandUser nobody
  64.  
  65. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  66. #RhostsRSAAuthentication no
  67. # similar for protocol version 2
  68. #HostbasedAuthentication no
  69. # Change to yes if you don't trust ~/.ssh/known_hosts for
  70. # RhostsRSAAuthentication and HostbasedAuthentication
  71. #IgnoreUserKnownHosts no
  72. # Don't read the user's ~/.rhosts and ~/.shosts files
  73. #IgnoreRhosts yes
  74.  
  75. # Change to yes to enable built-in password authentication.
  76. PasswordAuthentication yes
  77. PermitEmptyPasswords no
  78.  
  79. # Change to no to disable PAM authentication
  80. #ChallengeResponseAuthentication yes
  81.  
  82. # Kerberos options
  83. #KerberosAuthentication no
  84. #KerberosOrLocalPasswd yes
  85. #KerberosTicketCleanup yes
  86. #KerberosGetAFSToken no
  87.  
  88. # GSSAPI options
  89. #GSSAPIAuthentication no
  90. #GSSAPICleanupCredentials yes
  91.  
  92. # Set this to 'no' to disable PAM authentication, account processing,
  93. # and session processing. If this is enabled, PAM authentication will
  94. # be allowed through the ChallengeResponseAuthentication and
  95. # PasswordAuthentication. Depending on your PAM configuration,
  96. # PAM authentication via ChallengeResponseAuthentication may bypass
  97. # the setting of "PermitRootLogin without-password".
  98. # If you just want the PAM account and session checks to run without
  99. # PAM authentication, then enable this but set PasswordAuthentication
  100. # and ChallengeResponseAuthentication to 'no'.
  101. #UsePAM yes
  102.  
  103. AllowAgentForwarding yes
  104. AllowTcpForwarding yes
  105. #GatewayPorts no
  106. #X11Forwarding yes
  107. #X11DisplayOffset 10
  108. #X11UseLocalhost yes
  109. PermitTTY yes
  110. PrintMotd yes
  111. #PrintLastLog yes
  112. TCPKeepAlive yes
  113. #UseLogin no
  114. #UsePrivilegeSeparation sandbox
  115. #PermitUserEnvironment no
  116. #Compression delayed
  117. # Sends encrypted alive message to idle clients every 20 seconds * max 4320 fails = 86400 seconds {a day}. After a full day of idling clints will be terminated.
  118. ClientAliveInterval 20
  119. ClientAliveCountMax 4320
  120. #UseDNS yes
  121. PidFile /var/run/sshd.pid
  122. #MaxStartups 10:30:100
  123. #PermitTunnel no
  124. #ChrootDirectory none
  125. #VersionAddendum FreeBSD-20160310
  126.  
  127. # no default banner path
  128. #Banner none
  129.  
  130. # override default of no subsystems
  131. Subsystem sftp /usr/libexec/sftp-server
  132.  
  133. # Example of overriding settings on a per-user basis
  134. #Match User anoncvs
  135. # X11Forwarding no
  136. # AllowTcpForwarding no
  137. # PermitTTY no
  138. # ForceCommand cvs server
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!