# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $# This is the ss

1. # $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $
2.  
3. # This is the sshd server system-wide configuration file. See
4. # sshd_config(5) for more information.
5.  
6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
7.  
8. # The strategy used for options in the default sshd_config shipped with
9. # OpenSSH is to specify options with their default value where
10. # possible, but leave them commented. Uncommented options override the
11. # default value.
12.  
13. Port 22
14. #AddressFamily any
15. #ListenAddress 0.0.0.0
16. #ListenAddress ::
17.  
18. AllowUsers jafamo
19.  
20. # The default requires explicit activation of protocol 1
21. Protocol 2
22.  
23. # HostKey for protocol version 1
24. #HostKey /etc/ssh/ssh_host_key
25. # HostKeys for protocol version 2
26. #HostKey /etc/ssh/ssh_host_rsa_key
27. #HostKey /etc/ssh/ssh_host_dsa_key
28. #HostKey /etc/ssh/ssh_host_ecdsa_key
29.  
30. # Lifetime and size of ephemeral version 1 server key
31. #KeyRegenerationInterval 1h
32. #ServerKeyBits 1024
33.  
34. # Logging
35. # obsoletes QuietMode and FascistLogging
36. #SyslogFacility AUTH
37. #LogLevel INFO
38.  
39. # Authentication:
40.  
41. #LoginGraceTime 2m
42. PermitRootLogin no
43. #PermitRootLogin yes
44. #StrictModes yes
45. #MaxAuthTries 3
46. #MaxAuthTries 6
47. #MaxSessions 10
48.  
49. #RSAAuthentication yes
50. #PubkeyAuthentication yes
51.  
52. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
53. # but this is overridden so installations will only check .ssh/authorized_keys
54. #AuthorizedKeysFile .ssh/authorized_keys
55.  
56. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
57. #RhostsRSAAuthentication no
58. # similar for protocol version 2
59. #HostbasedAuthentication no
60. # Change to yes if you don't trust ~/.ssh/known_hosts for
61. # RhostsRSAAuthentication and HostbasedAuthentication
62. #IgnoreUserKnownHosts no
63. # Don't read the user's ~/.rhosts and ~/.shosts files
64. #IgnoreRhosts yes
65.  
66. # To disable tunneled clear text passwords, change to no here!
67. PasswordAuthentication yes
68. #PermitEmptyPasswords no
69.  
70. # Change to no to disable s/key passwords
71. #ChallengeResponseAuthentication no
72.  
73. # Kerberos options
74. #KerberosAuthentication no
75. #KerberosOrLocalPasswd yes
76. #KerberosTicketCleanup yes
77. #KerberosGetAFSToken no
78.  
79. # GSSAPI options
80. #GSSAPIAuthentication no
81. #GSSAPICleanupCredentials yes
82.  
83. # Set this to 'yes' to enable PAM authentication, account processing,
84. # and session processing. If this is enabled, PAM authentication will
85. # be allowed through the ChallengeResponseAuthentication and
86. # PasswordAuthentication. Depending on your PAM configuration,
87. # PAM authentication via ChallengeResponseAuthentication may bypass
88. # the setting of "PermitRootLogin without-password".
89. # If you just want the PAM account and session checks to run without
90. # PAM authentication, then enable this but set PasswordAuthentication
91. # and ChallengeResponseAuthentication to 'no'.
92. UsePAM yes
93.  
94. #AllowAgentForwarding yes
95. #AllowTcpForwarding yes
96. #GatewayPorts no
97. #X11Forwarding no
98. #X11DisplayOffset 10
99. #X11UseLocalhost yes
100. #PrintMotd yes
101. #PrintLastLog yes
102. #TCPKeepAlive yes
103. #UseLogin no
104. #UsePrivilegeSeparation yes
105. #PermitUserEnvironment no
106. #Compression delayed
107. #ClientAliveInterval 0
108. #ClientAliveCountMax 3
109. #UseDNS yes
110. #PidFile /var/run/sshd.pid
111. #MaxStartups 10
112. #PermitTunnel no
113. #ChrootDirectory none
114.  
115. # no default banner path
116. #Banner none
117.  
118. # override default of no subsystems
119. Subsystem sftp /usr/lib/ssh/sftp-server
120.  
121. # Example of overriding settings on a per-user basis
122. #Match User anoncvs
123. # X11Forwarding no
124. # AllowTcpForwarding no
125. # ForceCommand cvs server