Tue Oct 27, 05:21 # cat /etc/ssh/sshd_config # $OpenBSD: sshd_config,v 1.80 20

1. Tue Oct 27, 05:21 # cat /etc/ssh/sshd_config
2. # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
3.  
4. # This is the sshd server system-wide configuration file. See
5. # sshd_config(5) for more information.
6.  
7. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
8.  
9. # The strategy used for options in the default sshd_config shipped with
10. # OpenSSH is to specify options with their default value where
11. # possible, but leave them commented. Uncommented options change a
12. # default value.
13.  
14. Port 5900
15. #AddressFamily any
16. #ListenAddress 192.168.1.112
17. #ListenAddress ::
18.  
19. # Disable legacy (protocol version 1) support in the server for new
20. # installations. In future the default will change to require explicit
21. # activation of protocol 1
22. Protocol 2
23.  
24. # HostKey for protocol version 1
25. #HostKey /etc/ssh/ssh_host_key
26. # HostKeys for protocol version 2
27. #HostKey /etc/ssh/ssh_host_rsa_key
28. #HostKey /etc/ssh/ssh_host_dsa_key
29. #UsePrivilegeSeperation yes
30.  
31. # Lifetime and size of ephemeral version 1 server key
32. #KeyRegenerationInterval 1h
33. #ServerKeyBits 1024
34.  
35. # Logging
36. # obsoletes QuietMode and FascistLogging
37. SyslogFacility AUTH
38. LogLevel INFO
39.  
40. # Authentication:
41.  
42. LoginGraceTime 20
43. PermitRootLogin no
44. StrictModes no
45. MaxAuthTries 4
46. MaxSessions 4
47.  
48. #RSAAuthentication yes
49. #PubkeyAuthentication yes
50. #AuthorizedKeysFile .ssh/authorized_keys
51.  
52. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
53. #RhostsRSAAuthentication no
54. # similar for protocol version 2
55. #HostbasedAuthentication no
56. # Change to yes if you don't trust ~/.ssh/known_hosts for
57. # RhostsRSAAuthentication and HostbasedAuthentication
58. #IgnoreUserKnownHosts no
59. # Don't read the user's ~/.rhosts and ~/.shosts files
60. #IgnoreRhosts yes
61.  
62. # To disable tunneled clear text passwords, change to no here!
63. PasswordAuthentication yes
64. PermitEmptyPasswords no
65.  
66. # Change to no to disable s/key passwords
67. ChallengeResponseAuthentication no
68.  
69. # Kerberos options
70. #KerberosAuthentication no
71. #KerberosOrLocalPasswd yes
72. #KerberosTicketCleanup yes
73. #KerberosGetAFSToken no
74.  
75. # GSSAPI options
76. #GSSAPIAuthentication no
77. #GSSAPICleanupCredentials yes
78.  
79. # Set this to 'yes' to enable PAM authentication, account processing,
80. # and session processing. If this is enabled, PAM authentication will
81. # be allowed through the ChallengeResponseAuthentication and
82. # PasswordAuthentication. Depending on your PAM configuration,
83. # PAM authentication via ChallengeResponseAuthentication may bypass
84. # the setting of "PermitRootLogin without-password".
85. # If you just want the PAM account and session checks to run without
86. # PAM authentication, then enable this but set PasswordAuthentication
87. # and ChallengeResponseAuthentication to 'no'.
88. UsePAM no
89.  
90. AllowAgentForwarding yes
91. AllowTcpForwarding yes
92. #GatewayPorts no
93. X11Forwarding yes
94. X11DisplayOffset 10
95. X11UseLocalhost yes
96. PrintMotd yes
97. PrintLastLog yes
98. TCPKeepAlive yes
99. #UseLogin no
100. #UsePrivilegeSeparation yes
101. #PermitUserEnvironment no
102. #Compression delayed
103. #ClientAliveInterval 0
104. #ClientAliveCountMax 3
105. #UseDNS yes
106. #PidFile /var/run/sshd.pid
107. #MaxStartups 10
108. #PermitTunnel no
109. #ChrootDirectory none
110.  
111. # no default banner path
112. #Banner none
113.  
114. # override default of no subsystems
115. AllowUsers orangeroot1000
116. Subsystem sftp /usr/lib/ssh/sftp-server
117.  
118. # Example of overriding settings on a per-user basis
119. #Match User anoncvs
120. # X11Forwarding no
121. # AllowTcpForwarding no
122. # ForceCommand cvs server