# This is the sshd server system-wide configuration file. See# sshd_config(5)

1. # This is the sshd server system-wide configuration file. See
2. # sshd_config(5) for more information.
3.  
4. # This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
5.  
6. # The strategy used for options in the default sshd_config shipped with
7. # OpenSSH is to specify options with their default value where
8. # possible, but leave them commented. Uncommented options override the
9. # default value.
10.  
11. # Include /etc/ssh/sshd_config.d/*.conf
12.  
13. # Port and ListenAddress options are not used when sshd is socket-activated,
14. # which is now the default in Ubuntu. See sshd_config(5) and
15. # /usr/share/doc/openssh-server/README.Debian.gz for details.
16. Port 22
17. #AddressFamily any
18. #ListenAddress 0.0.0.0
19. #ListenAddress ::
20.  
21. #HostKey /etc/ssh/ssh_host_rsa_key
22. #HostKey /etc/ssh/ssh_host_ecdsa_key
23. #HostKey /etc/ssh/ssh_host_ed25519_key
24.  
25. # Ciphers and keying
26. #RekeyLimit default none
27.  
28. # Logging
29. #SyslogFacility AUTH
30. #LogLevel INFO
31.  
32. # Authentication:
33.  
34. #LoginGraceTime 2m
35. #PermitRootLogin prohibit-password
36. #StrictModes yes
37. #MaxAuthTries 6
38. #MaxSessions 10
39.  
40. PubkeyAuthentication yes
41.  
42. # Expect .ssh/authorized_keys2 to be disregarded by default in future.
43. AuthorizedKeysFile .ssh/authorized_keys
44.  
45. #AuthorizedPrincipalsFile none
46.  
47. #AuthorizedKeysCommand none
48. #AuthorizedKeysCommandUser nobody
49.  
50. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
51. #HostbasedAuthentication no
52. # Change to yes if you don't trust ~/.ssh/known_hosts for
53. # HostbasedAuthentication
54. IgnoreUserKnownHosts no
55. # Don't read the user's ~/.rhosts and ~/.shosts files
56. #IgnoreRhosts yes
57.  
58. # To disable tunneled clear text passwords, change to no here!
59. PasswordAuthentication yes
60. #PermitEmptyPasswords no
61.  
62. # Change to yes to enable challenge-response passwords (beware issues with
63. # some PAM modules and threads)
64. KbdInteractiveAuthentication no
65.  
66. # Kerberos options
67. #KerberosAuthentication no
68. #KerberosOrLocalPasswd yes
69. #KerberosTicketCleanup yes
70. #KerberosGetAFSToken no
71.  
72. # GSSAPI options
73. #GSSAPIAuthentication no
74. #GSSAPICleanupCredentials yes
75. #GSSAPIStrictAcceptorCheck yes
76. #GSSAPIKeyExchange no
77.  
78. # Set this to 'yes' to enable PAM authentication, account processing,
79. # and session processing. If this is enabled, PAM authentication will
80. # be allowed through the KbdInteractiveAuthentication and
81. # PasswordAuthentication. Depending on your PAM configuration,
82. # PAM authentication via KbdInteractiveAuthentication may bypass
83. # the setting of "PermitRootLogin without-password".
84. # If you just want the PAM account and session checks to run without
85. # PAM authentication, then enable this but set PasswordAuthentication
86. # and KbdInteractiveAuthentication to 'no'.
87. UsePAM yes
88.  
89. #AllowAgentForwarding yes
90. #AllowTcpForwarding yes
91. #GatewayPorts no
92. X11Forwarding yes
93. #X11DisplayOffset 10
94. #X11UseLocalhost yes
95. #PermitTTY yes
96. PrintMotd no
97. #PrintLastLog yes
98. TCPKeepAlive yes
99. #PermitUserEnvironment no
100. #Compression delayed
101. #ClientAliveInterval 0
102. #ClientAliveCountMax 3
103. #UseDNS no
104. #PidFile /run/sshd.pid
105. #MaxStartups 10:30:100
106. #PermitTunnel no
107. #ChrootDirectory none
108. #VersionAddendum none
109.  
110. # no default banner path
111. #Banner none
112.  
113. # Allow client to pass locale environment variables
114. AcceptEnv LANG LC_*
115.  
116. # override default of no subsystems
117. Subsystem sftp /usr/lib/openssh/sftp-server
118.  
119. # Example of overriding settings on a per-user basis
120. #Match User anoncvs
121. # X11Forwarding no
122. # AllowTcpForwarding no
123. # PermitTTY no
124. # ForceCommand cvs server