1#	$NetBSD: sshd_config,v 1.3 2009/08/17 22:58:28 dyoung Exp $
2#	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
3
4# This is the sshd server system-wide configuration file.  See
5# sshd_config(5) for more information.
6
7# The strategy used for options in the default sshd_config shipped with
8# OpenSSH is to specify options with their default value where
9# possible, but leave them commented.  Uncommented options change a
10# default value.
11
12#Port 22
13#AddressFamily any
14#ListenAddress 0.0.0.0
15#ListenAddress ::
16
17# Disable legacy (protocol version 1) support in the server for new
18# installations.  In the future the default will change to require explicit
19# activation of protocol 1.
20Protocol 2
21
22# HostKey for protocol version 1
23#HostKey /etc/ssh/ssh_host_key
24# HostKeys for protocol version 2
25#HostKey /etc/ssh/ssh_host_rsa_key
26#HostKey /etc/ssh/ssh_host_dsa_key
27
28# Lifetime and size of ephemeral version 1 server key
29#KeyRegenerationInterval 1h
30#ServerKeyBits 1024
31
32# Logging
33# obsoletes QuietMode and FascistLogging
34#SyslogFacility AUTH
35#LogLevel INFO
36
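37# Authentication:
38# LoginGraceTime is raised below from the OpenSSH default of 120 seconds; an unauthenticated connection may stay open that long and counts against MaxStartups.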
39LoginGraceTime 600
40#PermitRootLogin no
41#StrictModes yes
42#MaxAuthTries 6
43#MaxSessions 10
44
45#RSAAuthentication yes
46#PubkeyAuthentication yes
47#AuthorizedKeysFile	.ssh/authorized_keys
48
49# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
50#RhostsRSAAuthentication no
51# similar for protocol version 2
52#HostbasedAuthentication no
53# Change to yes if you don't trust ~/.ssh/known_hosts for
54# RhostsRSAAuthentication and HostbasedAuthentication
55#IgnoreUserKnownHosts no
56# Don't read the user's ~/.rhosts and ~/.shosts files
57#IgnoreRhosts yes
58
59# To disable tunneled clear text passwords, change to no here!
60#PasswordAuthentication yes
61#PermitEmptyPasswords no
62
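63# Change to no to disable s/key passwords.  With UsePam yes this also covers PAM keyboard-interactive, which can still accept passwords when PasswordAuthentication is no.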
64#ChallengeResponseAuthentication yes
65
66# Kerberos options
67#KerberosAuthentication no
68#KerberosOrLocalPasswd yes
69#KerberosTicketCleanup yes
70#KerberosGetAFSToken no
71
72# GSSAPI options
73#GSSAPIAuthentication no
74#GSSAPICleanupCredentials yes
75
76#AllowAgentForwarding yes
77#AllowTcpForwarding yes
78#GatewayPorts no
79#X11Forwarding no
80# If you use xorg from pkgsrc then uncomment the following line.
81#XAuthLocation /usr/pkg/bin/xauth
82#X11DisplayOffset 10
83#X11UseLocalhost yes
84#PrintMotd yes
85#PrintLastLog yes
86#TCPKeepAlive yes
87#UseLogin no
88#UsePrivilegeSeparation yes
89UsePam yes
90#PermitUserEnvironment no
91#Compression delayed
92#ClientAliveInterval 0
93#ClientAliveCountMax 3
94#UseDNS yes
95#PidFile /var/run/sshd.pid
96#MaxStartups 10
97#PermitTunnel no
98#ChrootDirectory none
99
100# no default banner path
101#Banner none
102
103# override default of no subsystems
104Subsystem	sftp	/usr/libexec/sftp-server
105
106# the following are HPN related configuration options
107# tcp receive buffer polling. disable in non autotuning kernels
108#TcpRcvBufPoll yes
109
110# allow the use of the none cipher (session data is then sent unencrypted; authentication stays encrypted)
111#NoneEnabled no
112
113# disable hpn performance boosts.
114#HPNDisabled no
115
116# buffer size for hpn to non-hpn connections
117#HPNBufferSize 2048
118
119
120# Example of overriding settings on a per-user basis
121#Match User anoncvs
122#	X11Forwarding no
123#	AllowTcpForwarding no
124#	ForceCommand cvs server
125