1# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ 2# $FreeBSD$ 3 4# This is the sshd server system-wide configuration file. See 5# sshd_config(5) for more information. 6 7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 8 9# The strategy used for options in the default sshd_config shipped with 10# OpenSSH is to specify options with their default value where 11# possible, but leave them commented. Uncommented options change a 12# default value. 13 14# Note that some of FreeBSD's defaults differ from OpenBSD's, and 15# FreeBSD has a few additional options. 16 17#VersionAddendum FreeBSD-20080801 18 19#Port 22 20#Protocol 2 21#AddressFamily any 22#ListenAddress 0.0.0.0 23#ListenAddress :: 24 25# Disable legacy (protocol version 1) support in the server for new 26# installations. In future the default will change to require explicit 27# activation of protocol 1 28Protocol 2 29 30# HostKey for protocol version 1 31#HostKey /etc/ssh/ssh_host_key 32# HostKeys for protocol version 2 33#HostKey /etc/ssh/ssh_host_rsa_key 34#HostKey /etc/ssh/ssh_host_dsa_key 35 36# Lifetime and size of ephemeral version 1 server key 37#KeyRegenerationInterval 1h 38#ServerKeyBits 1024 39 40# Logging 41# obsoletes QuietMode and FascistLogging 42#SyslogFacility AUTH 43#LogLevel INFO 44 45# Authentication: 46 47#LoginGraceTime 2m 48#PermitRootLogin no 49#StrictModes yes 50#MaxAuthTries 6 51#MaxSessions 10 52 53#RSAAuthentication yes 54#PubkeyAuthentication yes 55#AuthorizedKeysFile .ssh/authorized_keys 56 57# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 58#RhostsRSAAuthentication no 59# similar for protocol version 2 60#HostbasedAuthentication no 61# Change to yes if you don't trust ~/.ssh/known_hosts for 62# RhostsRSAAuthentication and HostbasedAuthentication 63#IgnoreUserKnownHosts no 64# Don't read the user's ~/.rhosts and ~/.shosts files 65#IgnoreRhosts yes 66 67# Change to yes to enable built-in password authentication. 68#PasswordAuthentication no 69#PermitEmptyPasswords no 70 71# Change to no to disable PAM authentication 72#ChallengeResponseAuthentication yes 73 74# Kerberos options 75#KerberosAuthentication no 76#KerberosOrLocalPasswd yes 77#KerberosTicketCleanup yes 78#KerberosGetAFSToken no 79 80# GSSAPI options 81#GSSAPIAuthentication no 82#GSSAPICleanupCredentials yes 83 84# Set this to 'no' to disable PAM authentication, account processing, 85# and session processing. If this is enabled, PAM authentication will 86# be allowed through the ChallengeResponseAuthentication and 87# PasswordAuthentication. Depending on your PAM configuration, 88# PAM authentication via ChallengeResponseAuthentication may bypass 89# the setting of "PermitRootLogin without-password". 90# If you just want the PAM account and session checks to run without 91# PAM authentication, then enable this but set PasswordAuthentication 92# and ChallengeResponseAuthentication to 'no'. 93#UsePAM yes 94 95#AllowAgentForwarding yes 96#AllowTcpForwarding yes 97#GatewayPorts no 98#X11Forwarding yes 99#X11DisplayOffset 10 100#X11UseLocalhost yes 101#PrintMotd yes 102#PrintLastLog yes 103#TCPKeepAlive yes 104#UseLogin no 105#UsePrivilegeSeparation yes 106#PermitUserEnvironment no 107#Compression delayed 108#ClientAliveInterval 0 109#ClientAliveCountMax 3 110#UseDNS yes 111#PidFile /var/run/sshd.pid 112#MaxStartups 10 113#PermitTunnel no 114#ChrootDirectory none 115 116# no default banner path 117#Banner none 118 119# override default of no subsystems 120Subsystem sftp /usr/libexec/sftp-server 121 122# Example of overriding settings on a per-user basis 123#Match User anoncvs 124# X11Forwarding no 125# AllowTcpForwarding no 126# ForceCommand cvs server 127