1# $OpenBSD: src/usr.bin/ssh/sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $ 2# $FreeBSD$ 3 4# This is the sshd server system-wide configuration file. See sshd(8) 5# for more information. 6 7# The strategy used for options in the default sshd_config shipped with 8# OpenSSH is to specify options with their default value where 9# possible, but leave them commented. Uncommented options change a 10# default value. 11 12# Note that some of FreeBSD's defaults differ from OpenBSD's, and 13# FreeBSD has a few additional options. 14 15#VersionAddendum FreeBSD localisations 20020318 16 17#Port 22 18#Protocol 2,1 19#ListenAddress 0.0.0.0 20#ListenAddress :: 21 22# HostKey for protocol version 1 23#HostKey /etc/ssh/ssh_host_key 24# HostKeys for protocol version 2 25#HostKey /etc/ssh/ssh_host_rsa_key 26#HostKey /etc/ssh/ssh_host_dsa_key 27 28# Lifetime and size of ephemeral version 1 server key 29#KeyRegenerationInterval 3600 30#ServerKeyBits 768 31 32# Logging 33#obsoletes QuietMode and FascistLogging 34#SyslogFacility AUTH 35#LogLevel INFO 36 37# Authentication: 38 39#LoginGraceTime 120 40#PermitRootLogin no 41#StrictModes yes 42 43#RSAAuthentication yes 44#PubkeyAuthentication yes 45#AuthorizedKeysFile .ssh/authorized_keys 46 47# rhosts authentication should not be used 48#RhostsAuthentication no 49# Don't read the user's ~/.rhosts and ~/.shosts files 50#IgnoreRhosts yes 51# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 52#RhostsRSAAuthentication no 53# similar for protocol version 2 54#HostbasedAuthentication no 55# Change to yes if you don't trust ~/.ssh/known_hosts for 56# RhostsRSAAuthentication and HostbasedAuthentication 57#IgnoreUserKnownHosts no 58 59# To disable tunneled clear text passwords, change to no here! 60#PasswordAuthentication yes 61#PermitEmptyPasswords no 62 63# Change to no to disable s/key passwords 64#ChallengeResponseAuthentication yes 65 66# Kerberos options 67# KerberosAuthentication automatically enabled if keyfile exists 68#KerberosAuthentication yes 69#KerberosOrLocalPasswd yes 70#KerberosTicketCleanup yes 71 72# AFSTokenPassing automatically enabled if k_hasafs() is true 73#AFSTokenPassing yes 74 75# Kerberos TGT Passing only works with the AFS kaserver 76#KerberosTgtPassing no 77 78#X11Forwarding yes 79#X11DisplayOffset 10 80#X11UseLocalhost yes 81#PrintMotd yes 82#PrintLastLog yes 83#KeepAlive yes 84#UseLogin no 85#CheckMail yes 86 87#MaxStartups 10 88# no default banner path 89#Banner /some/path 90#VerifyReverseMapping no 91 92# override default of no subsystems 93Subsystem sftp /usr/libexec/sftp-server 94