xref: /freebsd/crypto/openssh/sshd_config (revision 6af83ee0d2941d18880b6aaa2b4facd1d30c6106) 
1#	$OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
2#	$FreeBSD$
3
4# This is the sshd server system-wide configuration file.  See
5# sshd_config(5) for more information.
6
7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
8
9# The strategy used for options in the default sshd_config shipped with
10# OpenSSH is to specify options with their default value where
11# possible, but leave them commented.  Uncommented options change a
12# default value.
13
14# Note that some of FreeBSD's defaults differ from OpenBSD's, and
15# FreeBSD has a few additional options.
16
17#VersionAddendum FreeBSD-20041028
18
19#Port 22
20#Protocol 2
21#ListenAddress 0.0.0.0
22#ListenAddress ::
23
24# HostKey for protocol version 1
25#HostKey /etc/ssh/ssh_host_key
26# HostKeys for protocol version 2
27#HostKey /etc/ssh/ssh_host_dsa_key
28
29# Lifetime and size of ephemeral version 1 server key
30#KeyRegenerationInterval 1h
31#ServerKeyBits 768
32
33# Logging
34#obsoletes QuietMode and FascistLogging
35#SyslogFacility AUTH
36#LogLevel INFO
37
38# Authentication:
39
40#LoginGraceTime 2m
41#PermitRootLogin no
42#StrictModes yes
43#MaxAuthTries 6
44
45#RSAAuthentication yes
46#PubkeyAuthentication yes
47#AuthorizedKeysFile	.ssh/authorized_keys
48
49# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
50#RhostsRSAAuthentication no
51# similar for protocol version 2
52#HostbasedAuthentication no
53# Change to yes if you don't trust ~/.ssh/known_hosts for
54# RhostsRSAAuthentication and HostbasedAuthentication
55#IgnoreUserKnownHosts no
56# Don't read the user's ~/.rhosts and ~/.shosts files
57#IgnoreRhosts yes
58
59# Change to yes to enable built-in password authentication.
60#PasswordAuthentication no
61#PermitEmptyPasswords no
62
63# Change to no to disable PAM authentication
64#ChallengeResponseAuthentication yes
65
66# Kerberos options
67#KerberosAuthentication no
68#KerberosOrLocalPasswd yes
69#KerberosTicketCleanup yes
70#KerberosGetAFSToken no
71
72# GSSAPI options
73#GSSAPIAuthentication no
74#GSSAPICleanupCredentials yes
75
76# Set this to 'no' to disable PAM authentication, account processing,
77# and session processing. If this is enabled, PAM authentication will
78# be allowed through the ChallengeResponseAuthentication mechanism.
79# Depending on your PAM configuration, this may bypass the setting of
80# PasswordAuthentication, PermitEmptyPasswords, and
81# "PermitRootLogin without-password". If you just want the PAM account and
82# session checks to run without PAM authentication, then enable this but set
83# ChallengeResponseAuthentication=no
84#UsePAM yes
85
86#AllowTcpForwarding yes
87#GatewayPorts no
88#X11Forwarding yes
89#X11DisplayOffset 10
90#X11UseLocalhost yes
91#PrintMotd yes
92#PrintLastLog yes
93#TCPKeepAlive yes
94#UseLogin no
95#UsePrivilegeSeparation yes
96#PermitUserEnvironment no
97#Compression yes
98#ClientAliveInterval 0
99#ClientAliveCountMax 3
100#UseDNS yes
101#PidFile /var/run/sshd.pid
102#MaxStartups 10
103
104# no default banner path
105#Banner /some/path
106
107# override default of no subsystems
108Subsystem	sftp	/usr/libexec/sftp-server
109