SHARE
TWEET

Untitled

a guest May 25th, 2019 80 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #   $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
  2.  
  3. # This is the sshd server system-wide configuration file.  See
  4. # sshd_config(5) for more information.
  5.  
  6. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
  7.  
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented.  Uncommented options change a
  11. # default value.
  12.  
  13. Port 2222
  14. AddressFamily inet
  15. ListenAddress 0.0.0.0
  16. #ListenAddress ::
  17.  
  18. # Disable legacy (protocol version 1) support in the server for new
  19. # installations. In future the default will change to require explicit
  20. # activation of protocol 1
  21. Protocol 2
  22.  
  23. # HostKey for protocol version 1
  24. #HostKey /etc/ssh/ssh_host_key
  25. # HostKeys for protocol version 2
  26. #HostKey /etc/ssh/ssh_host_rsa_key
  27. #HostKey /etc/ssh/ssh_host_dsa_key
  28.  
  29. # Lifetime and size of ephemeral version 1 server key
  30. #KeyRegenerationInterval 1h
  31. #ServerKeyBits 1024
  32.  
  33. # Logging
  34. # obsoletes QuietMode and FascistLogging
  35. #LogLevel INFO
  36.  
  37. # Authentication:
  38.  
  39. #LoginGraceTime 2m
  40. #StrictModes yes
  41. #MaxAuthTries 6
  42. #MaxSessions 10
  43.  
  44. RSAAuthentication yes
  45. PubkeyAuthentication yes
  46. AuthorizedKeysFile  .ssh/authorized_keys
  47. AuthorizedKeysCommand none
  48. AuthorizedKeysCommandRunAs nobody
  49.  
  50. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  51. #RhostsRSAAuthentication no
  52. # similar for protocol version 2
  53. #HostbasedAuthentication no
  54. # Change to yes if you don't trust ~/.ssh/known_hosts for
  55. # RhostsRSAAuthentication and HostbasedAuthentication
  56. #IgnoreUserKnownHosts no
  57. # Don't read the user's ~/.rhosts and ~/.shosts files
  58. #IgnoreRhosts yes
  59.  
  60. # To disable tunneled clear text passwords, change to no here!
  61. PermitEmptyPasswords no
  62.  
  63. # Change to no to disable s/key passwords
  64. #ChallengeResponseAuthentication yes
  65. ChallengeResponseAuthentication no
  66.  
  67. # Kerberos options
  68. #KerberosAuthentication no
  69. #KerberosOrLocalPasswd yes
  70. #KerberosTicketCleanup yes
  71. #KerberosGetAFSToken no
  72. #KerberosUseKuserok yes
  73.  
  74. # GSSAPI options
  75. #GSSAPIAuthentication no
  76. GSSAPIAuthentication yes
  77. #GSSAPICleanupCredentials yes
  78. GSSAPICleanupCredentials yes
  79. #GSSAPIStrictAcceptorCheck yes
  80. #GSSAPIKeyExchange no
  81.  
  82. # Set this to 'yes' to enable PAM authentication, account processing,
  83. # and session processing. If this is enabled, PAM authentication will
  84. # be allowed through the ChallengeResponseAuthentication and
  85. # PAM authentication via ChallengeResponseAuthentication may bypass
  86. # If you just want the PAM account and session checks to run without
  87. # and ChallengeResponseAuthentication to 'no'.
  88. #UsePAM no
  89. UsePAM yes
  90.  
  91. # Accept locale-related environment variables
  92. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  93. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  94. AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
  95. AcceptEnv XMODIFIERS
  96.  
  97. #AllowAgentForwarding yes
  98. #AllowTcpForwarding yes
  99. #GatewayPorts no
  100. #X11Forwarding no
  101. X11Forwarding yes
  102. #X11DisplayOffset 10
  103. #X11UseLocalhost yes
  104. #PrintMotd yes
  105. #PrintLastLog yes
  106. #TCPKeepAlive yes
  107. #UseLogin no
  108. #UsePrivilegeSeparation yes
  109. #PermitUserEnvironment no
  110. #Compression delayed
  111. #ClientAliveInterval 0
  112. #ClientAliveCountMax 3
  113. #ShowPatchLevel no
  114. #PidFile /var/run/sshd.pid
  115. #MaxStartups 10:30:100
  116. #PermitTunnel no
  117. #ChrootDirectory none
  118.  
  119. # no default banner path
  120. #Banner none
  121.  
  122. # override default of no subsystems
  123. Subsystem   sftp    /usr/libexec/openssh/sftp-server
  124.  
  125. # Example of overriding settings on a per-user basis
  126. #Match User anoncvs
  127. #   X11Forwarding no
  128. #   AllowTcpForwarding no
  129. #   ForceCommand cvs server
  130. UseDNS no
  131. #AddressFamily inet
  132. PermitRootLogin yes
  133. SyslogFacility AUTHPRIV
  134. PasswordAuthentication no
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top