ssh_config

1. # $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
2.  
3. # This is the sshd server system-wide configuration file. See
4. # sshd_config(5) for more information.
5.  
6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
7.  
8. # The strategy used for options in the default sshd_config shipped with
9. # OpenSSH is to specify options with their default value where
10. # possible, but leave them commented. Uncommented options override the
11. # default value.
12.  
13. #Port 22
14. #AddressFamily any
15. #ListenAddress 0.0.0.0
16. #ListenAddress ::
17.  
18. #HostKey /etc/ssh/ssh_host_rsa_key
19. #HostKey /etc/ssh/ssh_host_dsa_key
20. #HostKey /etc/ssh/ssh_host_ecdsa_key
21. #HostKey /etc/ssh/ssh_host_ed25519_key
22.  
23. # Ciphers and keying
24. #RekeyLimit default none
25.  
26. # Logging
27. #SyslogFacility AUTH
28. #LogLevel INFO
29.  
30. # Authentication:
31.  
32. #LoginGraceTime 2m
33. #PermitRootLogin prohibit-password
34. #StrictModes yes
35. #MaxAuthTries 6
36. #MaxSessions 10
37.  
38. #PubkeyAuthentication yes
39.  
40. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
41. # but this is overridden so installations will only check .ssh/authorized_keys
42. AuthorizedKeysFile .ssh/authorized_keys
43.  
44. #AuthorizedPrincipalsFile none
45.  
46. #AuthorizedKeysCommand none
47. #AuthorizedKeysCommandUser nobody
48.  
49. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
50. #HostbasedAuthentication no
51. # Change to yes if you don't trust ~/.ssh/known_hosts for
52. # HostbasedAuthentication
53. #IgnoreUserKnownHosts no
54. # Don't read the user's ~/.rhosts and ~/.shosts files
55. #IgnoreRhosts yes
56.  
57. # To disable tunneled clear text passwords, change to no here!
58. #PasswordAuthentication yes
59. #PermitEmptyPasswords no
60.  
61. # Change to no to disable s/key passwords
62. #ChallengeResponseAuthentication yes
63.  
64. # Kerberos options
65. #KerberosAuthentication no
66. #KerberosOrLocalPasswd yes
67. #KerberosTicketCleanup yes
68. #KerberosGetAFSToken no
69.  
70. # GSSAPI options
71. #GSSAPIAuthentication no
72. #GSSAPICleanupCredentials yes
73.  
74. # Set this to 'yes' to enable PAM authentication, account processing,
75. # and session processing. If this is enabled, PAM authentication will
76. # be allowed through the ChallengeResponseAuthentication and
77. # PasswordAuthentication. Depending on your PAM configuration,
78. # PAM authentication via ChallengeResponseAuthentication may bypass
79. # the setting of "PermitRootLogin without-password".
80. # If you just want the PAM account and session checks to run without
81. # PAM authentication, then enable this but set PasswordAuthentication
82. # and ChallengeResponseAuthentication to 'no'.
83. UsePAM yes
84.  
85. #AllowAgentForwarding yes
86. #AllowTcpForwarding yes
87. #GatewayPorts no
88. #X11Forwarding no
89. #X11DisplayOffset 10
90. #X11UseLocalhost yes
91. #PermitTTY yes
92. #PrintMotd yes
93. #PrintLastLog yes
94. #TCPKeepAlive yes
95. #UseLogin no
96. #UsePrivilegeSeparation sandbox
97. #PermitUserEnvironment no
98. #Compression delayed
99. #ClientAliveInterval 0
100. #ClientAliveCountMax 3
101. #UseDNS no
102. #PidFile /var/run/sshd.pid
103. #MaxStartups 10:30:100
104. #PermitTunnel no
105. #ChrootDirectory none
106. #VersionAddendum none
107.  
108. # pass locale information
109. AcceptEnv LANG LC_*
110.  
111. # no default banner path
112. #Banner none
113.  
114. # override default of no subsystems
115. Subsystem sftp /usr/libexec/sftp-server
116.  
117. # Example of overriding settings on a per-user basis
118. #Match User anoncvs
119. # X11Forwarding no
120. # AllowTcpForwarding no
121. # PermitTTY no
122. # ForceCommand cvs server
123. LiubovTecSynt:BeTest ne_luboff$
124. LiubovTecSynt:BeTest ne_luboff$ cat /etc/ssh/ssh_config
125. # $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $
126.  
127. # This is the ssh client system-wide configuration file. See
128. # ssh_config(5) for more information. This file provides defaults for
129. # users, and the values can be changed in per-user configuration files
130. # or on the command line.
131.  
132. # Configuration data is parsed as follows:
133. # 1. command line options
134. # 2. user-specific file
135. # 3. system-wide file
136. # Any configuration value is only changed the first time it is set.
137. # Thus, host-specific definitions should be at the beginning of the
138. # configuration file, and defaults at the end.
139.  
140. # Site-wide defaults for some commonly used options. For a comprehensive
141. # list of available options, their meanings and defaults, please see the
142. # ssh_config(5) man page.
143.  
144. # Host *
145. # ForwardAgent no
146. # ForwardX11 no
147. # RhostsRSAAuthentication no
148. # RSAAuthentication yes
149. # PasswordAuthentication yes
150. # HostbasedAuthentication no
151. # GSSAPIAuthentication no
152. # GSSAPIDelegateCredentials no
153. # BatchMode no
154. # CheckHostIP yes
155. # AddressFamily any
156. # ConnectTimeout 0
157. # StrictHostKeyChecking ask
158. # IdentityFile ~/.ssh/identity
159. # IdentityFile ~/.ssh/id_rsa
160. # IdentityFile ~/.ssh/id_dsa
161. # IdentityFile ~/.ssh/id_ecdsa
162. # IdentityFile ~/.ssh/id_ed25519
163. # Port 22
164. # Protocol 2
165. # Cipher 3des
166. # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
167. # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
168. # EscapeChar ~
169. # Tunnel no
170. # TunnelDevice any:any
171. # PermitLocalCommand no
172. # VisualHostKey no
173. # ProxyCommand ssh -q -W %h:%p gateway.example.com
174. # RekeyLimit 1G 1h