xref: /freebsd/crypto/openssh/sshd_config (revision 6990ffd8a95caaba6858ad44ff1b3157d1efba8f)
1#	$OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $
2# $FreeBSD$
3
4# This is the sshd server system-wide configuration file.  See sshd(8)
5# for more information.
6
7Port 22
8#Protocol 2,1
9#ListenAddress 0.0.0.0
10#ListenAddress ::
11HostKey /etc/ssh/ssh_host_key
12HostKey /etc/ssh/ssh_host_dsa_key
13ServerKeyBits 768
14LoginGraceTime 120
15KeyRegenerationInterval 3600
16PermitRootLogin no
17# ConnectionsPerPeriod has been deprecated completely
18
19# After 10 unauthenticated connections, refuse 30% of the new ones, and
20# refuse any more than 60 total.
21MaxStartups 10:30:60
22# Don't read ~/.rhosts and ~/.shosts files
23IgnoreRhosts yes
24# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
25#IgnoreUserKnownHosts yes
26StrictModes yes
27X11Forwarding yes
28X11DisplayOffset 10
29PrintMotd yes
30#PrintLastLog no
31KeepAlive yes
32
33# Logging
34SyslogFacility AUTH
35LogLevel INFO
36#obsoletes QuietMode and FascistLogging
37
38RhostsAuthentication no
39#
40# For this to work you will also need host keys in /etc/ssh_known_hosts
41RhostsRSAAuthentication no
42# similar for protocol version 2
43HostbasedAuthentication no
44#
45RSAAuthentication yes
46
47# To disable tunneled clear text passwords, change to no here!
48PasswordAuthentication yes
49PermitEmptyPasswords no
50
51# Uncomment to disable s/key passwords
52#ChallengeResponseAuthentication no
53
54# To change Kerberos options
55#KerberosAuthentication no
56#KerberosOrLocalPasswd yes
57#AFSTokenPassing no
58#KerberosTicketCleanup no
59
60# Kerberos TGT Passing does only work with the AFS kaserver
61#KerberosTgtPassing yes
62
63CheckMail yes
64#UseLogin no
65
66#MaxStartups 10:30:60
67#Banner /etc/issue.net
68#ReverseMappingCheck yes
69
70Subsystem	sftp	/usr/libexec/sftp-server
71