[root@darkened ssh]# cat sshd_config# $OpenBSD: sshd_config,v 1.69 2004/

1. [root@darkened ssh]# cat sshd_config
2. # $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
3.  
4. # This is the sshd server system-wide configuration file. See
5. # sshd_config(5) for more information.
6.  
7. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
8.  
9. # The strategy used for options in the default sshd_config shipped with
10. # OpenSSH is to specify options with their default value where
11. # possible, but leave them commented. Uncommented options change a
12. # default value.
13.  
14. #Port 22
15. #Protocol 2,1
16. #ListenAddress 0.0.0.0
17. #ListenAddress ::
18.  
19. # HostKey for protocol version 1
20. #HostKey /etc/ssh/ssh_host_key
21. # HostKeys for protocol version 2
22. #HostKey /etc/ssh/ssh_host_rsa_key
23. #HostKey /etc/ssh/ssh_host_dsa_key
24.  
25. # Lifetime and size of ephemeral version 1 server key
26. #KeyRegenerationInterval 1h
27. #ServerKeyBits 768
28.  
29. # Logging
30. #obsoletes QuietMode and FascistLogging
31. #SyslogFacility AUTH
32. SyslogFacility AUTHPRIV
33. #LogLevel INFO
34.  
35. # Authentication:
36.  
37. #LoginGraceTime 2m
38. #PermitRootLogin yes
39. #StrictModes yes
40. #MaxAuthTries 6
41.  
42. #RSAAuthentication yes
43. #PubkeyAuthentication yes
44. #AuthorizedKeysFile .ssh/authorized_keys
45.  
46. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
47. #RhostsRSAAuthentication no
48. # similar for protocol version 2
49. #HostbasedAuthentication no
50. # Change to yes if you don't trust ~/.ssh/known_hosts for
51. # RhostsRSAAuthentication and HostbasedAuthentication
52. #IgnoreUserKnownHosts no
53. # Don't read the user's ~/.rhosts and ~/.shosts files
54. #IgnoreRhosts yes
55.  
56. # To disable tunneled clear text passwords, change to no here!
57. #PasswordAuthentication yes
58. #PermitEmptyPasswords no
59. PasswordAuthentication yes
60.  
61. # Change to no to disable s/key passwords
62. #ChallengeResponseAuthentication yes
63. ChallengeResponseAuthentication no
64.  
65. # Kerberos options
66. #KerberosAuthentication no
67. #KerberosOrLocalPasswd yes
68. #KerberosTicketCleanup yes
69. #KerberosGetAFSToken no
70.  
71. # GSSAPI options
72. #GSSAPIAuthentication no
73. GSSAPIAuthentication yes
74. #GSSAPICleanupCredentials yes
75. GSSAPICleanupCredentials yes
76.  
77. # Set this to 'yes' to enable PAM authentication, account processing,
78. # and session processing. If this is enabled, PAM authentication will
79. # be allowed through the ChallengeResponseAuthentication mechanism.
80. # Depending on your PAM configuration, this may bypass the setting of
81. # PasswordAuthentication, PermitEmptyPasswords, and
82. # "PermitRootLogin without-password". If you just want the PAM account and
83. # session checks to run without PAM authentication, then enable this but set
84. # ChallengeResponseAuthentication=no
85. #UsePAM no
86. UsePAM yes
87.  
88. #AllowTcpForwarding yes
89. #GatewayPorts no
90. #X11Forwarding no
91. X11Forwarding yes
92. #X11DisplayOffset 10
93. #X11UseLocalhost yes
94. #PrintMotd yes
95. #PrintLastLog yes
96. #TCPKeepAlive yes
97. #UseLogin no
98. #UsePrivilegeSeparation yes
99. #PermitUserEnvironment no
100. #Compression yes
101. #ClientAliveInterval 0
102. #ClientAliveCountMax 3
103. #UseDNS yes
104. #PidFile /var/run/sshd.pid
105. #MaxStartups 10
106. #ShowPatchLevel no
107.  
108. # no default banner path
109. #Banner /some/path
110.  
111. # override default of no subsystems
112. Subsystem sftp /usr/libexec/openssh/sftp-server