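# $NetBSD: sshd_config,v 1.19 2017/02/01 14:27:37 christos Exp $
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.
#
# Only four directives are active in this file: LoginGraceTime,
# AuthorizedKeysFile, UsePam and Subsystem.  Every other line documents a
# compiled-in default and changes nothing until it is uncommented.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The ssh-dss host key algorithm is disabled by default since OpenSSH 7.0;
# prefer the Ed25519, ECDSA or RSA host keys.
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

# For slow CPUs, bumped from 2 minutes to 10
# A connection that has not yet authenticated is kept open for up to this
# many seconds and counts against MaxStartups for that whole time, so a
# long grace period makes the pre-authentication slots easier to exhaust.
# Lower this value on hosts that are not CPU-constrained.
LoginGraceTime 600
# prohibit-password: root may log in, but not with password or
# keyboard-interactive authentication.
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable password authentication, set this and UsePam to no
# While UsePam stays enabled, keyboard-interactive authentication
# (ChallengeResponseAuthentication, below) can still accept a password
# through PAM even when PasswordAuthentication is set to no.
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Agent and TCP forwarding are enabled by default.  Turn off the forwarding
# features a host does not need, globally or per user in a Match block.
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
# If you use xorg from pkgsrc then uncomment the following line.
#XAuthLocation /usr/pkg/bin/xauth
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
# PAM is enabled: authentication, account and session processing are
# handed to the system's PAM configuration for sshd, so that configuration
# is part of the effective login policy and should be reviewed with this
# file.
UsePam yes
# Keep this at no unless required: per sshd_config(5), user-supplied
# environment variables such as LD_PRELOAD may allow users to bypass access
# restrictions in some configurations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# here are the new patched ldap related tokens
# entries in your LDAP must have posixAccount & ldapPublicKey objectclass
#
# The values below are examples only.  Points to check before enabling LPK:
#  - LpkBindPw is stored in clear text in this file, so keep the file
#    readable by root only and bind with a dedicated read-only account
#    rather than a directory manager DN.
#  - With ldap:// URLs and LpkForceTLS no, public keys are fetched over an
#    unprotected channel; keys returned by the directory grant login, so the
#    lookup should be protected with TLS.
#UseLPK yes
#LpkLdapConf /etc/ldap.conf
#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/
#LpkUserDN ou=users,dc=phear,dc=org
#LpkGroupDN ou=groups,dc=phear,dc=org
#LpkBindDN cn=Manager,dc=phear,dc=org
#LpkBindPw secret
#LpkServerGroup mail
#LpkFilter (hostAccess=master.phear.org)
#LpkForceTLS no
#LpkSearchTimelimit 3
#LpkBindTimelimit 3
#LpkPubKeyAttr sshPublicKey

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes

# allow the use of the none cipher
# With the none cipher the session data is sent unencrypted; leave this at
# no unless the traffic is protected by other means.
#NoneEnabled no

# disable hpn performance boosts.
#HPNDisabled no

# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048


# Example of overriding settings on a per-user basis
# A Match block applies to every line after it, up to the next Match or the
# end of the file, so keep Match blocks after all global directives.
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server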