1# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ 2# $FreeBSD$ 3 4# This is the sshd server system-wide configuration file. See 5# sshd_config(5) for more information. 6 7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 8 9# The strategy used for options in the default sshd_config shipped with 10# OpenSSH is to specify options with their default value where 11# possible, but leave them commented. Uncommented options change a 12# default value. 13 14# Note that some of FreeBSD's defaults differ from OpenBSD's, and 15# FreeBSD has a few additional options. 16 17#VersionAddendum FreeBSD-20091001 18 19#Port 22 20#AddressFamily any 21#ListenAddress 0.0.0.0 22#ListenAddress :: 23 24# Disable legacy (protocol version 1) support in the server for new 25# installations. In future the default will change to require explicit 26# activation of protocol 1 27Protocol 2 28 29# HostKey for protocol version 1 30#HostKey /etc/ssh/ssh_host_key 31# HostKeys for protocol version 2 32#HostKey /etc/ssh/ssh_host_rsa_key 33#HostKey /etc/ssh/ssh_host_dsa_key 34 35# Lifetime and size of ephemeral version 1 server key 36#KeyRegenerationInterval 1h 37#ServerKeyBits 1024 38 39# Logging 40# obsoletes QuietMode and FascistLogging 41#SyslogFacility AUTH 42#LogLevel INFO 43 44# Authentication: 45 46#LoginGraceTime 2m 47#PermitRootLogin no 48#StrictModes yes 49#MaxAuthTries 6 50#MaxSessions 10 51 52#RSAAuthentication yes 53#PubkeyAuthentication yes 54#AuthorizedKeysFile .ssh/authorized_keys 55 56# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 57#RhostsRSAAuthentication no 58# similar for protocol version 2 59#HostbasedAuthentication no 60# Change to yes if you don't trust ~/.ssh/known_hosts for 61# RhostsRSAAuthentication and HostbasedAuthentication 62#IgnoreUserKnownHosts no 63# Don't read the user's ~/.rhosts and ~/.shosts files 64#IgnoreRhosts yes 65 66# Change to yes to enable built-in password authentication. 67#PasswordAuthentication no 68#PermitEmptyPasswords no 69 70# Change to no to disable PAM authentication 71#ChallengeResponseAuthentication yes 72 73# Kerberos options 74#KerberosAuthentication no 75#KerberosOrLocalPasswd yes 76#KerberosTicketCleanup yes 77#KerberosGetAFSToken no 78 79# GSSAPI options 80#GSSAPIAuthentication no 81#GSSAPICleanupCredentials yes 82 83# Set this to 'no' to disable PAM authentication, account processing, 84# and session processing. If this is enabled, PAM authentication will 85# be allowed through the ChallengeResponseAuthentication and 86# PasswordAuthentication. Depending on your PAM configuration, 87# PAM authentication via ChallengeResponseAuthentication may bypass 88# the setting of "PermitRootLogin without-password". 89# If you just want the PAM account and session checks to run without 90# PAM authentication, then enable this but set PasswordAuthentication 91# and ChallengeResponseAuthentication to 'no'. 92#UsePAM yes 93 94#AllowAgentForwarding yes 95#AllowTcpForwarding yes 96#GatewayPorts no 97#X11Forwarding yes 98#X11DisplayOffset 10 99#X11UseLocalhost yes 100#PrintMotd yes 101#PrintLastLog yes 102#TCPKeepAlive yes 103#UseLogin no 104#UsePrivilegeSeparation yes 105#PermitUserEnvironment no 106#Compression delayed 107#ClientAliveInterval 0 108#ClientAliveCountMax 3 109#UseDNS yes 110#PidFile /var/run/sshd.pid 111#MaxStartups 10 112#PermitTunnel no 113#ChrootDirectory none 114 115# no default banner path 116#Banner none 117 118# override default of no subsystems 119Subsystem sftp /usr/libexec/sftp-server 120 121# Example of overriding settings on a per-user basis 122#Match User anoncvs 123# X11Forwarding no 124# AllowTcpForwarding no 125# ForceCommand cvs server 126