1 | # $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $ |
---|
2 | |
---|
3 | # This is the sshd server system-wide configuration file. See |
---|
4 | # sshd_config(5) for more information. |
---|
5 | |
---|
6 | # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin |
---|
7 | |
---|
8 | # The strategy used for options in the default sshd_config shipped with |
---|
9 | # OpenSSH is to specify options with their default value where |
---|
10 | # possible, but leave them commented. Uncommented options change a |
---|
11 | # default value. |
---|
12 | |
---|
13 | #Port 22 |
---|
14 | #Protocol 2,1 |
---|
15 | #ListenAddress 0.0.0.0 |
---|
16 | #ListenAddress :: |
---|
17 | |
---|
18 | # HostKey for protocol version 1 |
---|
19 | #HostKey /etc/ssh/ssh_host_key |
---|
20 | # HostKeys for protocol version 2 |
---|
21 | #HostKey /etc/ssh/ssh_host_rsa_key |
---|
22 | #HostKey /etc/ssh/ssh_host_dsa_key |
---|
23 | |
---|
24 | # Lifetime and size of ephemeral version 1 server key |
---|
25 | #KeyRegenerationInterval 3600 |
---|
26 | #ServerKeyBits 768 |
---|
27 | |
---|
28 | # Logging |
---|
29 | #obsoletes QuietMode and FascistLogging |
---|
30 | #SyslogFacility AUTH |
---|
31 | #LogLevel INFO |
---|
32 | |
---|
33 | # Authentication: |
---|
34 | |
---|
35 | #LoginGraceTime 120 |
---|
36 | #PermitRootLogin yes |
---|
37 | #StrictModes yes |
---|
38 | |
---|
39 | #RSAAuthentication yes |
---|
40 | #PubkeyAuthentication yes |
---|
41 | #AuthorizedKeysFile .ssh/authorized_keys |
---|
42 | |
---|
43 | # rhosts authentication should not be used |
---|
44 | #RhostsAuthentication no |
---|
45 | # Don't read the user's ~/.rhosts and ~/.shosts files |
---|
46 | #IgnoreRhosts yes |
---|
47 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts |
---|
48 | #RhostsRSAAuthentication no |
---|
49 | # similar for protocol version 2 |
---|
50 | #HostbasedAuthentication no |
---|
51 | # Change to yes if you don't trust ~/.ssh/known_hosts for |
---|
52 | # RhostsRSAAuthentication and HostbasedAuthentication |
---|
53 | #IgnoreUserKnownHosts no |
---|
54 | |
---|
55 | # To disable tunneled clear text passwords, change to no here! |
---|
56 | #PasswordAuthentication yes |
---|
57 | #PermitEmptyPasswords no |
---|
58 | |
---|
59 | # Change to no to disable s/key passwords |
---|
60 | #ChallengeResponseAuthentication yes |
---|
61 | |
---|
62 | # Kerberos options |
---|
63 | #KerberosAuthentication no |
---|
64 | #KerberosOrLocalPasswd yes |
---|
65 | #KerberosTicketCleanup yes |
---|
66 | |
---|
67 | #AFSTokenPassing no |
---|
68 | |
---|
69 | # Kerberos TGT Passing only works with the AFS kaserver |
---|
70 | #KerberosTgtPassing no |
---|
71 | |
---|
72 | # Set this to 'yes' to enable PAM keyboard-interactive authentication |
---|
73 | # Warning: enabling this may bypass the setting of 'PasswordAuthentication' |
---|
74 | #PAMAuthenticationViaKbdInt no |
---|
75 | |
---|
76 | #X11Forwarding no |
---|
77 | #X11DisplayOffset 10 |
---|
78 | #X11UseLocalhost yes |
---|
79 | #PrintMotd yes |
---|
80 | #PrintLastLog yes |
---|
81 | #KeepAlive yes |
---|
82 | #UseLogin no |
---|
83 | #UsePrivilegeSeparation yes |
---|
84 | #PermitUserEnvironment no |
---|
85 | #Compression yes |
---|
86 | |
---|
87 | #MaxStartups 10 |
---|
88 | # no default banner path |
---|
89 | #Banner /some/path |
---|
90 | #VerifyReverseMapping no |
---|
91 | |
---|
92 | # override default of no subsystems |
---|
93 | Subsystem sftp /usr/libexec/sftp-server |
---|