localhost ~ cat /etc/ssh/sshd_config # $OpenBSD: sshd_config,v 1.81 2009

1. localhost ~ cat /etc/ssh/sshd_config
2. # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
3.  
4. # This is the sshd server system-wide configuration file. See
5. # sshd_config(5) for more information.
6.  
7. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
8.  
9. # The strategy used for options in the default sshd_config shipped with
10. # OpenSSH is to specify options with their default value where
11. # possible, but leave them commented. Uncommented options change a
12. # default value.
13.  
14. #Port 22
15. #AddressFamily any
16. #ListenAddress 0.0.0.0
17. #ListenAddress ::
18.  
19. # The default requires explicit activation of protocol 1
20. #Protocol 2
21.  
22. # HostKey for protocol version 1
23. #HostKey /etc/ssh/ssh_host_key
24. # HostKeys for protocol version 2
25. #HostKey /etc/ssh/ssh_host_rsa_key
26. #HostKey /etc/ssh/ssh_host_dsa_key
27.  
28. # Lifetime and size of ephemeral version 1 server key
29. #KeyRegenerationInterval 1h
30. #ServerKeyBits 1024
31.  
32. # Logging
33. # obsoletes QuietMode and FascistLogging
34. #SyslogFacility AUTH
35. #LogLevel INFO
36.  
37. # Authentication:
38.  
39. #LoginGraceTime 2m
40. #PermitRootLogin yes
41. #StrictModes yes
42. #MaxAuthTries 6
43. #MaxSessions 10
44.  
45. RSAAuthentication yes
46. PubkeyAuthentication yes
47. AuthorizedKeysFile .ssh/authorized_keys
48.  
49. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
50. #RhostsRSAAuthentication no
51. # similar for protocol version 2
52. #HostbasedAuthentication no
53. # Change to yes if you don't trust ~/.ssh/known_hosts for
54. # RhostsRSAAuthentication and HostbasedAuthentication
55. #IgnoreUserKnownHosts no
56. # Don't read the user's ~/.rhosts and ~/.shosts files
57. #IgnoreRhosts yes
58.  
59. # To disable tunneled clear text passwords, change to no here!
60. PasswordAuthentication no
61. #PermitEmptyPasswords no
62.  
63. # Change to no to disable s/key passwords
64. #ChallengeResponseAuthentication yes
65.  
66. # Kerberos options
67. #KerberosAuthentication no
68. #KerberosOrLocalPasswd yes
69. #KerberosTicketCleanup yes
70. #KerberosGetAFSToken no
71.  
72. # GSSAPI options
73. #GSSAPIAuthentication no
74. #GSSAPICleanupCredentials yes
75.  
76. # Set this to 'yes' to enable PAM authentication, account processing,
77. # and session processing. If this is enabled, PAM authentication will
78. # be allowed through the ChallengeResponseAuthentication and
79. # PasswordAuthentication. Depending on your PAM configuration,
80. # PAM authentication via ChallengeResponseAuthentication may bypass
81. # the setting of "PermitRootLogin without-password".
82. # If you just want the PAM account and session checks to run without
83. # PAM authentication, then enable this but set PasswordAuthentication
84. # and ChallengeResponseAuthentication to 'no'.
85. UsePAM yes
86.  
87. #AllowAgentForwarding yes
88. #AllowTcpForwarding yes
89. #GatewayPorts no
90. X11Forwarding yes
91. #X11DisplayOffset 10
92. #X11UseLocalhost yes
93. PrintMotd no
94. PrintLastLog no
95. #TCPKeepAlive yes
96. #UseLogin no
97. #UsePrivilegeSeparation yes
98. #PermitUserEnvironment no
99. #Compression delayed
100. #ClientAliveInterval 0
101. #ClientAliveCountMax 3
102. #UseDNS yes
103. #PidFile /var/run/sshd.pid
104. #MaxStartups 10
105. #PermitTunnel no
106. #ChrootDirectory none
107.  
108. # no default banner path
109. #Banner none
110.  
111. # override default of no subsystems
112. Subsystem sftp /usr/lib/misc/sftp-server
113.  
114. # Example of overriding settings on a per-user basis
115. #Match User anoncvs
116. # X11Forwarding no
117. # AllowTcpForwarding no
118. # ForceCommand cvs server