sshd_config

1. casey@ultram:~$ sudo cat /etc/ssh/sshd_config
2. #   $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
3.  
4. # This is the sshd server system-wide configuration file.  See
5. # sshd_config(5) for more information.
6.  
7. # This sshd was compiled with PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
8.  
9. # The strategy used for options in the default sshd_config shipped with
10. # OpenSSH is to specify options with their default value where
11. # possible, but leave them commented.  Uncommented options change a
12. # default value.
13.  
14. #Port 22
15. #AddressFamily any
16. #ListenAddress 0.0.0.0
17. #ListenAddress ::
18.  
19. # The default requires explicit activation of protocol 1
20. Protocol 2
21.  
22. # HostKey for protocol version 1
23. #HostKey /etc/ssh/ssh_host_key
24. # HostKeys for protocol version 2
25. #HostKey /etc/ssh/ssh_host_rsa_key
26. #HostKey /etc/ssh/ssh_host_dsa_key
27.  
28. # Lifetime and size of ephemeral version 1 server key
29. #KeyRegenerationInterval 1h
30. #ServerKeyBits 1024
31.  
32. # Logging
33. # obsoletes QuietMode and FascistLogging
34. #SyslogFacility AUTH
35. #LogLevel INFO
36.  
37. # Authentication:
38.  
39. #LoginGraceTime 2m
40. PermitRootLogin yes #without-password
41. PermitTunnel yes #point-to-point
42. StrictModes yes
43. #MaxAuthTries 6
44. #MaxSessions 10
45.  
46. #RSAAuthentication yes
47. PubkeyAuthentication yes
48. AuthorizedKeysFile  .ssh/authorized_keys
49.  
50. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
51. #RhostsRSAAuthentication no
52. # similar for protocol version 2
53. #HostbasedAuthentication no
54. # Change to yes if you don't trust ~/.ssh/known_hosts for
55. # RhostsRSAAuthentication and HostbasedAuthentication
56. #IgnoreUserKnownHosts no
57. # Don't read the user's ~/.rhosts and ~/.shosts files
58. #IgnoreRhosts yes
59.  
60.  
61. # Change to no to disable s/key passwords
62. #ChallengeResponseAuthentication yes
63.  
64. # Kerberos options
65. #KerberosAuthentication no
66. #KerberosOrLocalPasswd yes
67. #KerberosTicketCleanup yes
68. #KerberosGetAFSToken no
69.  
70. # GSSAPI options
71. #GSSAPIAuthentication no
72. #GSSAPICleanupCredentials yes
73.  
74. # Set this to 'yes' to enable PAM authentication, account processing,
75. # and session processing. If this is enabled, PAM authentication will
76. # be allowed through the ChallengeResponseAuthentication and
77. # PasswordAuthentication.  Depending on your PAM configuration,
78. # PAM authentication via ChallengeResponseAuthentication may bypass
79. # the setting of "PermitRootLogin without-password".
80. # If you just want the PAM account and session checks to run without
81. # PAM authentication, then enable this but set PasswordAuthentication
82. # and ChallengeResponseAuthentication to 'no'.
83. #UsePAM no
84.  
85. AllowAgentForwarding yes
86. AllowTcpForwarding yes
87. #GatewayPorts no
88. X11Forwarding yes
89. #X11DisplayOffset 10
90. #X11UseLocalhost yes
91. #PrintMotd yes
92. #PrintLastLog yes
93. #TCPKeepAlive yes
94. #UseLogin no
95. UsePrivilegeSeparation yes
96. #PermitUserEnvironment no
97. Compression yes
98. #ClientAliveInterval 0
99. #ClientAliveCountMax 3
100. #UseDNS yes
101. #PidFile /var/run/sshd.pid
102. #MaxStartups 10
103.  
104. #ChrootDirectory none
105.  
106. # no default banner path
107. #Banner none
108.  
109. # override default of no subsystems
110. Subsystem   sftp    /usr/libexec/sftp-server
111.  
112. # Example of overriding settings on a per-user basis
113. #Match User anoncvs
114. #   X11Forwarding no
115. #   AllowTcpForwarding no
116. #   ForceCommand cvs server
117.  
118. # To disable tunneled clear text passwords, change to no here!
119. PasswordAuthentication yes
120. PermitEmptyPasswords no