1# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $ 2# $FreeBSD$ 3 4# This is the sshd server system-wide configuration file. See 5# sshd_config(5) for more information. 6 7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 8 9# The strategy used for options in the default sshd_config shipped with 10# OpenSSH is to specify options with their default value where 11# possible, but leave them commented. Uncommented options change a 12# default value. 13 14# Note that some of FreeBSD's defaults differ from OpenBSD's, and 15# FreeBSD has a few additional options. 16 17#VersionAddendum FreeBSD-20100428 18 19#Port 22 20#AddressFamily any 21#ListenAddress 0.0.0.0 22#ListenAddress :: 23 24# The default requires explicit activation of protocol 1 25#Protocol 2 26 27# HostKey for protocol version 1 28#HostKey /etc/ssh/ssh_host_key 29# HostKeys for protocol version 2 30#HostKey /etc/ssh/ssh_host_rsa_key 31#HostKey /etc/ssh/ssh_host_dsa_key 32 33# Lifetime and size of ephemeral version 1 server key 34#KeyRegenerationInterval 1h 35#ServerKeyBits 1024 36 37# Logging 38# obsoletes QuietMode and FascistLogging 39#SyslogFacility AUTH 40#LogLevel INFO 41 42# Authentication: 43 44#LoginGraceTime 2m 45#PermitRootLogin no 46#StrictModes yes 47#MaxAuthTries 6 48#MaxSessions 10 49 50#RSAAuthentication yes 51#PubkeyAuthentication yes 52#AuthorizedKeysFile .ssh/authorized_keys 53 54# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 55#RhostsRSAAuthentication no 56# similar for protocol version 2 57#HostbasedAuthentication no 58# Change to yes if you don't trust ~/.ssh/known_hosts for 59# RhostsRSAAuthentication and HostbasedAuthentication 60#IgnoreUserKnownHosts no 61# Don't read the user's ~/.rhosts and ~/.shosts files 62#IgnoreRhosts yes 63 64# Change to yes to enable built-in password authentication. 65#PasswordAuthentication no 66#PermitEmptyPasswords no 67 68# Change to no to disable PAM authentication 69#ChallengeResponseAuthentication yes 70 71# Kerberos options 72#KerberosAuthentication no 73#KerberosOrLocalPasswd yes 74#KerberosTicketCleanup yes 75#KerberosGetAFSToken no 76 77# GSSAPI options 78#GSSAPIAuthentication no 79#GSSAPICleanupCredentials yes 80 81# Set this to 'no' to disable PAM authentication, account processing, 82# and session processing. If this is enabled, PAM authentication will 83# be allowed through the ChallengeResponseAuthentication and 84# PasswordAuthentication. Depending on your PAM configuration, 85# PAM authentication via ChallengeResponseAuthentication may bypass 86# the setting of "PermitRootLogin without-password". 87# If you just want the PAM account and session checks to run without 88# PAM authentication, then enable this but set PasswordAuthentication 89# and ChallengeResponseAuthentication to 'no'. 90#UsePAM yes 91 92#AllowAgentForwarding yes 93#AllowTcpForwarding yes 94#GatewayPorts no 95#X11Forwarding yes 96#X11DisplayOffset 10 97#X11UseLocalhost yes 98#PrintMotd yes 99#PrintLastLog yes 100#TCPKeepAlive yes 101#UseLogin no 102#UsePrivilegeSeparation yes 103#PermitUserEnvironment no 104#Compression delayed 105#ClientAliveInterval 0 106#ClientAliveCountMax 3 107#UseDNS yes 108#PidFile /var/run/sshd.pid 109#MaxStartups 10 110#PermitTunnel no 111#ChrootDirectory none 112 113# no default banner path 114#Banner none 115 116# override default of no subsystems 117Subsystem sftp /usr/libexec/sftp-server 118 119# Example of overriding settings on a per-user basis 120#Match User anoncvs 121# X11Forwarding no 122# AllowTcpForwarding no 123# ForceCommand cvs server 124