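#	$NetBSD: sshd_config,v 1.8 2011/09/07 17:49:19 christos Exp $
#	$OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# Format: one "Keyword argument" pair per line; a line starting with '#'
# is a comment.  Only four directives are active in this file:
# LoginGraceTime, AuthorizedKeysFile, UsePam and Subsystem.
# NOTE(review): the commented lines only document defaults; they do not
# set them.  Check the values the daemon will really use with `sshd -T`.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
# NOTE(review): SSH protocol 1 has known cryptographic weaknesses; leave
# this at 2.  The protocol-1-only settings below (the ssh_host_key HostKey,
# KeyRegenerationInterval, ServerKeyBits, RSAAuthentication,
# RhostsRSAAuthentication) then have no effect.
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

# Seconds an unauthenticated connection may stay open before sshd drops it.
# NOTE(review): 600 is five times the 120 seconds documented as the default
# in sshd_config(5).  Every pending login holds one of the MaxStartups
# slots for up to that long, so a long grace time makes it easier for idle
# unauthenticated connections to crowd out legitimate logins.  Lower it
# unless slow interactive logins really need ten minutes.
LoginGraceTime 600
# NOTE(review): the effective PermitRootLogin default depends on how this
# sshd was built; confirm it with `sshd -T` instead of trusting this line.
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
# A relative path is resolved against the home directory of the user
# logging in.
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable password authentication, set this and UsePam to no
# NOTE(review): setting PasswordAuthentication to no is not enough on its
# own.  While UsePam and ChallengeResponseAuthentication are both yes, PAM
# can still prompt for a password through keyboard-interactive
# authentication.
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Forwarding is allowed for every account by default.  Accounts that
# should not relay connections can be restricted in a Match block, as in
# the example at the end of this file.
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
# If you use xorg from pkgsrc then uncomment the following line.
#XAuthLocation /usr/pkg/bin/xauth
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
# Active: authentication, account and session handling go through PAM, so
# the PAM configuration for sshd is part of the login policy and should be
# reviewed together with this file.
UsePam yes
# sshd_config(5) warns that enabling this may let users bypass access
# restrictions through environment variables such as LD_PRELOAD.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# here are the new patched ldap related tokens
# entries in your LDAP must have posixAccount & ldapPublicKey objectclass
# NOTE(review): the values below are examples.  With these options enabled
# the directory decides which public keys are accepted for a login, so
# treat the LDAP link as part of the authentication path:
#  - LpkBindPw is a plaintext credential; keep this file readable by root
#    only and bind with a dedicated read-only account, not cn=Manager.
#  - ldap:// with LpkForceTLS no sends the bind password and the returned
#    keys unprotected; anyone able to alter that traffic could substitute
#    keys.  Prefer LpkForceTLS yes.
#UseLPK yes
#LpkLdapConf /etc/ldap.conf
#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/
#LpkUserDN ou=users,dc=phear,dc=org
#LpkGroupDN ou=groups,dc=phear,dc=org
#LpkBindDN cn=Manager,dc=phear,dc=org
#LpkBindPw secret
#LpkServerGroup mail
#LpkFilter (hostAccess=master.phear.org)
#LpkForceTLS no
#LpkSearchTimelimit 3
#LpkBindTimelimit 3
#LpkPubKeyAttr sshPublicKey

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes

# allow the use of the none cipher
# NOTE(review): the none cipher carries session data without encryption;
# keep this at no unless the transferred data is not confidential and the
# network path is trusted.
#NoneEnabled no

# disable hpn performance boosts.
#HPNDisabled no

# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048


# Example of overriding settings on a per-user basis
# A Match block applies to every line after it, up to the next Match line
# or the end of the file, so keep such blocks at the bottom.
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server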