# Package generated configuration file# See the sshd_config(5) manpage for de

1. # Package generated configuration file
2. # See the sshd_config(5) manpage for details
3.  
4.  
5. # What ports, IPs and protocols we listen for
6. Port 22
7. # Use these options to restrict which interfaces/protocols sshd will bind to
8. #ListenAddress ::
9. #ListenAddress 0.0.0.0
10. Protocol 2
11. # HostKeys for protocol version 2
12. HostKey /etc/ssh/ssh_host_rsa_key
13. HostKey /etc/ssh/ssh_host_dsa_key
14. HostKey /etc/ssh/ssh_host_ecdsa_key
15. #Privilege Separation is turned on for security
16. UsePrivilegeSeparation yes
17.  
18.  
19. # Lifetime and size of ephemeral version 1 server key
20. KeyRegenerationInterval 3600
21. ServerKeyBits 768
22.  
23.  
24. # Logging
25. SyslogFacility AUTH
26. LogLevel INFO
27.  
28.  
29. # Authentication:
30. LoginGraceTime 120
31. PermitRootLogin yes
32. StrictModes yes
33.  
34.  
35. RSAAuthentication yes
36. PubkeyAuthentication yes
37. #AuthorizedKeysFile %h/.ssh/authorized_keys
38.  
39.  
40. # Don't read the user's ~/.rhosts and ~/.shosts files
41. IgnoreRhosts yes
42. # For this to work you will also need host keys in /etc/ssh_known_hosts
43. RhostsRSAAuthentication no
44. # similar for protocol version 2
45. HostbasedAuthentication no
46. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
47. #IgnoreUserKnownHosts yes
48.  
49.  
50. # To enable empty passwords, change to yes (NOT RECOMMENDED)
51. PermitEmptyPasswords no
52.  
53.  
54. # Change to yes to enable challenge-response passwords (beware issues with
55. # some PAM modules and threads)
56. ChallengeResponseAuthentication no
57.  
58.  
59. # Change to no to disable tunnelled clear text passwords
60. #PasswordAuthentication no
61.  
62.  
63. # Kerberos options
64. #KerberosAuthentication no
65. #KerberosGetAFSToken no
66. #KerberosOrLocalPasswd yes
67. #KerberosTicketCleanup yes
68.  
69.  
70. # GSSAPI options
71. #GSSAPIAuthentication no
72. #GSSAPICleanupCredentials yes
73.  
74.  
75. X11Forwarding yes
76. X11DisplayOffset 10
77. PrintMotd no
78. PrintLastLog yes
79. TCPKeepAlive yes
80. #UseLogin no
81.  
82.  
83. #MaxStartups 10:30:60
84. #Banner /etc/issue.net
85.  
86.  
87. # Allow client to pass locale environment variables
88. AcceptEnv LANG LC_*
89.  
90.  
91. Subsystem sftp /usr/lib/openssh/sftp-server
92.  
93.  
94. # Set this to 'yes' to enable PAM authentication, account processing,
95. # and session processing. If this is enabled, PAM authentication will
96. # be allowed through the ChallengeResponseAuthentication and
97. # PasswordAuthentication. Depending on your PAM configuration,
98. # PAM authentication via ChallengeResponseAuthentication may bypass
99. # the setting of "PermitRootLogin without-password".
100. # If you just want the PAM account and session checks to run without
101. # PAM authentication, then enable this but set PasswordAuthentication
102. # and ChallengeResponseAuthentication to 'no'.
103. UsePAM no