# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $# This is

1. # $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $
2.  
3. # This is the sshd server system-wide configuration file. See
4. # sshd_config(5) for more information.
5.  
6. # This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
7.  
8. # The strategy used for options in the default sshd_config shipped with
9. # OpenSSH is to specify options with their default value where
10. # possible, but leave them commented. Uncommented options override the
11. # default value.
12.  
13. Port 9922
14. #AddressFamily any
15. #ListenAddress 0.0.0.0
16. #ListenAddress ::
17.  
18. #HostKey /etc/ssh/ssh_host_rsa_key
19. #HostKey /etc/ssh/ssh_host_ecdsa_key
20. #HostKey /etc/ssh/ssh_host_ed25519_key
21.  
22. # Ciphers and keying
23. #RekeyLimit default none
24.  
25. # Logging
26. #SyslogFacility AUTH
27. #LogLevel INFO
28.  
29. # Authentication:
30.  
31. #LoginGraceTime 2m
32. #PermitRootLogin prohibit-password
33. #StrictModes yes
34. #MaxAuthTries 6
35. #MaxSessions 10
36.  
37. PubkeyAuthentication yes
38.  
39. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
40. # but this is overridden so installations will only check .ssh/authorized_keys
41. AuthorizedKeysFile .ssh/authorized_keys
42.  
43. #AuthorizedPrincipalsFile none
44.  
45. #AuthorizedKeysCommand none
46. #AuthorizedKeysCommandUser nobody
47.  
48. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
49. #HostbasedAuthentication no
50. # Change to yes if you don't trust ~/.ssh/known_hosts for
51. # HostbasedAuthentication
52. #IgnoreUserKnownHosts no
53. # Don't read the user's ~/.rhosts and ~/.shosts files
54. #IgnoreRhosts yes
55.  
56. # To disable tunneled clear text passwords, change to no here!
57. #PasswordAuthentication yes
58. #PermitEmptyPasswords no
59.  
60. # Change to no to disable s/key passwords
61. ChallengeResponseAuthentication no
62.  
63. # Kerberos options
64. #KerberosAuthentication no
65. #KerberosOrLocalPasswd yes
66. #KerberosTicketCleanup yes
67. #KerberosGetAFSToken no
68.  
69. # GSSAPI options
70. #GSSAPIAuthentication no
71. #GSSAPICleanupCredentials yes
72.  
73. # Set this to 'yes' to enable PAM authentication, account processing,
74. # and session processing. If this is enabled, PAM authentication will
75. # be allowed through the ChallengeResponseAuthentication and
76. # PasswordAuthentication. Depending on your PAM configuration,
77. # PAM authentication via ChallengeResponseAuthentication may bypass
78. # the setting of "PermitRootLogin without-password".
79. # If you just want the PAM account and session checks to run without
80. # PAM authentication, then enable this but set PasswordAuthentication
81. # and ChallengeResponseAuthentication to 'no'.
82. UsePAM yes
83.  
84. #AllowAgentForwarding yes
85. #AllowTcpForwarding yes
86. #GatewayPorts no
87. #X11Forwarding no
88. #X11DisplayOffset 10
89. #X11UseLocalhost yes
90. #PermitTTY yes
91. PrintMotd no # pam does that
92. #PrintLastLog yes
93. #TCPKeepAlive yes
94. #UseLogin no
95. #PermitUserEnvironment no
96. #Compression delayed
97. #ClientAliveInterval 0
98. #ClientAliveCountMax 3
99. #UseDNS no
100. #PidFile /run/sshd.pid
101. #MaxStartups 10:30:100
102. #PermitTunnel no
103. #ChrootDirectory none
104. #VersionAddendum none
105.  
106. # no default banner path
107. #Banner none
108.  
109. # override default of no subsystems
110. Subsystem sftp /usr/lib/ssh/sftp-server
111.  
112. # Example of overriding settings on a per-user basis
113. #Match User anoncvs
114. # X11Forwarding no
115. # AllowTcpForwarding no
116. # PermitTTY no
117. # ForceCommand cvs server