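# $NetBSD: sshd_config,v 1.6 2011/05/03 13:04:00 jruoho Exp $
# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
# NOTE(review): keep protocol 1 disabled. The protocol-1 HostKey,
# KeyRegenerationInterval and ServerKeyBits entries below only take
# effect if it is re-enabled.
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
# NOTE(review): OpenSSH generates DSA keys at 1024 bits only; prefer the
# RSA host key where clients allow it.
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

# NOTE(review): uncommented, so this overrides the upstream default
# (120 seconds, per sshd_config(5)). An unauthenticated connection may
# stay open for up to 600 seconds, and each one counts against
# MaxStartups (10 by default, listed further down), so a long grace time
# makes it easier to keep every pre-authentication slot occupied. Lower
# it unless a slow login path really needs ten minutes.
LoginGraceTime 600
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable password authentication, set this and UsePam to no
# NOTE(review): UsePam is set to yes further down in this file. With PAM
# enabled, ChallengeResponseAuthentication yes can still prompt for a
# password through PAM even when PasswordAuthentication is no. To keep
# PAM for account and session checks only, set both of them to no.
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options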
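#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# NOTE(review): agent and TCP forwarding are on by default. Accounts that
# only need a fixed command can have them switched off in a Match block,
# as in the example at the end of this file.
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
# If you use xorg from pkgsrc then uncomment the following line.
#XAuthLocation /usr/pkg/bin/xauth
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
# NOTE(review): uncommented, so PAM is enabled. While it is, setting
# PasswordAuthentication to no does not by itself stop password logins
# as long as ChallengeResponseAuthentication is yes (the default listed
# earlier in this file).
UsePam yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# here are the new patched ldap related tokens
# entries in your LDAP must have posixAccount & ldapPublicKey objectclass
# NOTE(review): the values below are examples. If LPK is enabled:
#  - LpkBindPw is a cleartext credential, so this file must not be
#    readable by unprivileged users, and the bind DN should be a
#    read-only account rather than a directory manager;
#  - the sample servers are ldap:// URLs with LpkForceTLS no, which
#    would carry the bind password and the public keys used for login
#    over an unprotected channel. Presumably LpkForceTLS yes enforces
#    TLS; confirm against the LPK patch documentation.
#UseLPK yes
#LpkLdapConf /etc/ldap.conf
#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/
#LpkUserDN ou=users,dc=phear,dc=org
#LpkGroupDN ou=groups,dc=phear,dc=org
#LpkBindDN cn=Manager,dc=phear,dc=org
#LpkBindPw secret
#LpkServerGroup mail
#LpkFilter (hostAccess=master.phear.org)
#LpkForceTLS no
#LpkSearchTimelimit 3
#LpkBindTimelimit 3
#LpkPubKeyAttr sshPublicKey

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes

# allow the use of the none cipher
# NOTE(review): the none cipher provides no encryption for session data.
# Leave this at no unless the transferred data needs no confidentiality.
#NoneEnabled no

# disable hpn performance boosts.
#HPNDisabled no

# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048


# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server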