1# $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $ 2# $FreeBSD$ 3 4# This is the sshd server system-wide configuration file. See sshd(8) 5# for more information. 6 7Port 22 8#Protocol 2,1 9#ListenAddress 0.0.0.0 10#ListenAddress :: 11HostKey /etc/ssh/ssh_host_key 12HostKey /etc/ssh/ssh_host_dsa_key 13ServerKeyBits 768 14LoginGraceTime 120 15KeyRegenerationInterval 3600 16PermitRootLogin no 17# ConnectionsPerPeriod has been deprecated completely 18 19# After 10 unauthenticated connections, refuse 30% of the new ones, and 20# refuse any more than 60 total. 21MaxStartups 10:30:60 22# Don't read ~/.rhosts and ~/.shosts files 23IgnoreRhosts yes 24# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication 25#IgnoreUserKnownHosts yes 26StrictModes yes 27X11Forwarding yes 28X11DisplayOffset 10 29PrintMotd yes 30#PrintLastLog no 31KeepAlive yes 32 33# Logging 34SyslogFacility AUTH 35LogLevel INFO 36#obsoletes QuietMode and FascistLogging 37 38RhostsAuthentication no 39# 40# For this to work you will also need host keys in /etc/ssh_known_hosts 41RhostsRSAAuthentication no 42# similar for protocol version 2 43HostbasedAuthentication no 44# 45RSAAuthentication yes 46 47# To disable tunneled clear text passwords, change to no here! 48PasswordAuthentication yes 49PermitEmptyPasswords no 50 51# Uncomment to disable s/key passwords 52#ChallengeResponseAuthentication no 53 54# To change Kerberos options 55#KerberosAuthentication no 56#KerberosOrLocalPasswd yes 57#AFSTokenPassing no 58#KerberosTicketCleanup no 59 60# Kerberos TGT Passing does only work with the AFS kaserver 61#KerberosTgtPassing yes 62 63CheckMail yes 64#UseLogin no 65 66#MaxStartups 10:30:60 67#Banner /etc/issue.net 68#ReverseMappingCheck yes 69 70Subsystem sftp /usr/libexec/sftp-server 71