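#	$OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $
#	$FreeBSD$

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

# Only two directives in this file are active (uncommented):
# AuthorizedKeysFile and Subsystem.  Every other setting shown is the
# compiled-in default and is listed for reference.

#VersionAddendum FreeBSD-20111001

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
# Protocol 1 has known cryptographic weaknesses; keep the server on
# protocol 2 only.  The protocol-1 settings further down (ssh_host_key,
# KeyRegenerationInterval, ServerKeyBits, RSAAuthentication,
# RhostsRSAAuthentication) only matter if protocol 1 is enabled.
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
# DSA host keys are fixed at 1024 bits; prefer the RSA or ECDSA key
# where the clients support them.
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
# LogLevel VERBOSE additionally records the fingerprint of the key used
# for each login, which helps attribute sessions when reviewing logs.
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
# The path is relative to each user's home directory.  With StrictModes
# yes, sshd checks ownership and modes of the user's files and home
# directory before accepting a login.
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
# PasswordAuthentication no does not by itself make the server
# key-only: while ChallengeResponseAuthentication and UsePAM are both
# yes (the defaults shown below), passwords are still accepted through
# PAM.  Set ChallengeResponseAuthentication no as well if only public
# keys should be accepted.
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

# Agent, TCP and X11 forwarding all default to yes here.  Set the ones
# a host does not need to no, or restrict them per user or group in a
# Match block (see the example at the end of this file).
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# Disable HPN tuning improvements.
#HPNDisabled no

# Buffer size for HPN to non-HPN connections.
#HPNBufferSize 2048

# TCP receive socket buffer polling for HPN.  Disable on non autotuning kernels.
#TcpRcvBufPoll yes

# Allow the use of the NONE cipher.
# With the NONE cipher, session data is sent unencrypted once
# authentication has completed; leave this at no unless the link is
# protected by other means.
#NoneEnabled no

# Example of overriding settings on a per-user basis
# ForceCommand replaces whatever command the client asks for, so the
# matched account can only run the command named here.
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server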