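#	$OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $
#	$FreeBSD$

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

# NOTE: the only uncommented (active) directive in this file is the
# "Subsystem sftp" line near the end; everything else documents the
# compiled-in defaults.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
# NOTE: SSH protocol 1 is a legacy protocol with known cryptographic
# weaknesses.  Keep "Protocol 2" unless a legacy client strictly needs
# version 1.
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
# NOTE: OpenSSH DSA keys are fixed at 1024 bits; prefer the RSA or ECDSA
# host key where clients support them.
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
# NOTE: LogLevel VERBOSE additionally records the fingerprint of the key
# used for each public-key login, which helps attribute sessions during
# an audit or investigation.
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
# NOTE: "PasswordAuthentication no" alone does not make this server
# key-only.  With the defaults shown in this file (UsePAM yes and
# ChallengeResponseAuthentication yes) a password can still be entered
# through PAM keyboard-interactive authentication.  To allow public-key
# logins only, also set ChallengeResponseAuthentication to no.
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

# NOTE: agent, TCP and X11 forwarding are all enabled by the defaults
# below.  Turn off the ones this host does not need, or restrict them per
# user or group in a Match block (see the example at the end of the file).
# Per sshd_config(5), disabling forwarding is only an effective control
# for accounts that are also denied a shell, since shell users can install
# their own forwarders.
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
# NOTE: keep PermitUserEnvironment at no unless it is required; per
# sshd_config(5), user-supplied environment variables (for example
# LD_PRELOAD) may allow users to bypass access restrictions.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum FreeBSD-20131111

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# Disable HPN tuning improvements.
#HPNDisabled no

# Buffer size for HPN to non-HPN connections.
#HPNBufferSize 2048

# TCP receive socket buffer polling for HPN.  Disable on non autotuning kernels.
#TcpRcvBufPoll yes

# Allow the use of the NONE cipher.
# NOTE: with the NONE cipher the session data is sent unencrypted once
# authentication has completed.  Leave this at no unless the transferred
# data is not sensitive and the network path is trusted.
#NoneEnabled no

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server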