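# $NetBSD: sshd_config,v 1.3 2009/08/17 22:58:28 dyoung Exp $
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
# (protocol 1 only; not consulted while "Protocol 2" above is in effect)
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

# LoginGraceTime is how long a connection may stay unauthenticated before
# sshd drops it. 600 seconds is longer than the upstream OpenSSH default
# of 120; every pending connection counts against MaxStartups for that
# long, so a shorter value leaves fewer slots tied up on exposed hosts.
LoginGraceTime 600
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

# RSAAuthentication applies to protocol version 1 only.
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
# Note: with UsePam enabled (see below) and ChallengeResponseAuthentication
# left at yes, PAM can still prompt for a password through
# keyboard-interactive authentication. For key-only logins set both
# PasswordAuthentication and ChallengeResponseAuthentication to no.
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
# If you use xorg from pkgsrc then uncomment the following line.
#XAuthLocation /usr/pkg/bin/xauth
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
# PAM is enabled: account and session checks run through PAM, and PAM
# authentication is reachable via ChallengeResponseAuthentication.
UsePam yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes

# allow the use of the none cipher
# With the none cipher the session data is sent unencrypted once
# authentication has completed. Leave this at no unless the transferred
# data needs no confidentiality on the network path.
#NoneEnabled no

# disable hpn performance boosts.
#HPNDisabled no

# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048


# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
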