Phylum

sshd_config

Dec 27th, 2012
69
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # sshd_config
  2. # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
  3.  
  4. # This is the sshd server system-wide configuration file. See
  5. # sshd_config(5) for more information.
  6.  
  7. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
  8.  
  9. # The strategy used for options in the default sshd_config shipped with
  10. # OpenSSH is to specify options with their default value where
  11. # possible, but leave them commented. Uncommented options change a
  12. # default value.
  13.  
  14. #Port 22
  15. #Protocol 2,1
  16. Protocol 2
  17. #AddressFamily any
  18. #ListenAddress 0.0.0.0
  19. #ListenAddress ::
  20.  
  21. # HostKey for protocol version 1
  22. #HostKey /etc/ssh/ssh_host_key
  23. # HostKeys for protocol version 2
  24. #HostKey /etc/ssh/ssh_host_rsa_key
  25. #HostKey /etc/ssh/ssh_host_dsa_key
  26.  
  27. # Lifetime and size of ephemeral version 1 server key
  28. #KeyRegenerationInterval 1h
  29. #ServerKeyBits 768
  30.  
  31. # Logging
  32. # obsoletes QuietMode and FascistLogging
  33. #SyslogFacility AUTH
  34. SyslogFacility AUTHPRIV
  35. #LogLevel INFO
  36.  
  37. # Authentication:
  38.  
  39. #LoginGraceTime 2m
  40. #PermitRootLogin yes
  41. #StrictModes yes
  42. #MaxAuthTries 6
  43.  
  44. #RSAAuthentication yes
  45. #PubkeyAuthentication yes
  46. #AuthorizedKeysFile .ssh/authorized_keys
  47.  
  48. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  49. #RhostsRSAAuthentication no
  50. # similar for protocol version 2
  51. #HostbasedAuthentication no
  52. # Change to yes if you don't trust ~/.ssh/known_hosts for
  53. # RhostsRSAAuthentication and HostbasedAuthentication
  54. #IgnoreUserKnownHosts no
  55. # Don't read the user's ~/.rhosts and ~/.shosts files
  56. #IgnoreRhosts yes
  57.  
  58. # To disable tunneled clear text passwords, change to no here!
  59. #PasswordAuthentication yes
  60. #PermitEmptyPasswords no
  61. PasswordAuthentication yes
  62.  
  63. # Change to no to disable s/key passwords
  64. #ChallengeResponseAuthentication yes
  65. ChallengeResponseAuthentication yes
  66.  
  67. # Kerberos options
  68. #KerberosAuthentication no
  69. #KerberosOrLocalPasswd yes
  70. #KerberosTicketCleanup yes
  71. #KerberosGetAFSToken no
  72.  
  73. # GSSAPI options
  74. #GSSAPIAuthentication no
  75. GSSAPIAuthentication yes
  76. #GSSAPICleanupCredentials yes
  77. GSSAPICleanupCredentials yes
  78.  
  79. # Set this to 'yes' to enable PAM authentication, account processing,
  80. # and session processing. If this is enabled, PAM authentication will
  81. # be allowed through the ChallengeResponseAuthentication mechanism.
  82. # Depending on your PAM configuration, this may bypass the setting of
  83. # PasswordAuthentication, PermitEmptyPasswords, and
  84. # "PermitRootLogin without-password". If you just want the PAM account and
  85. # session checks to run without PAM authentication, then enable this but set
  86. # ChallengeResponseAuthentication=no
  87. #UsePAM no
  88. UsePAM yes
  89.  
  90. # Accept locale-related environment variables
  91. AcceptEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  92. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  93. AcceptEnv LC_IDENTIFICATION LC_ALL
  94. #AllowTcpForwarding yes
  95. #GatewayPorts no
  96. #X11Forwarding no
  97. X11Forwarding yes
  98. #X11DisplayOffset 10
  99. #X11UseLocalhost yes
  100. #PrintMotd yes
  101. #PrintLastLog yes
  102. #TCPKeepAlive yes
  103. #UseLogin no
  104. #UsePrivilegeSeparation yes
  105. #PermitUserEnvironment no
  106. #Compression delayed
  107. #ClientAliveInterval 0
  108. #ClientAliveCountMax 3
  109. #ShowPatchLevel no
  110. #UseDNS yes
  111. #PidFile /var/run/sshd.pid
  112. #MaxStartups 10
  113. #PermitTunnel no
  114. #ChrootDirectory none
  115.  
  116. # no default banner path
  117. #Banner /some/path
  118.  
  119. # override default of no subsystems
  120. Subsystem sftp /usr/libexec/openssh/sftp-server
  121.  
  122. ## EOF sshd_config
RAW Paste Data