xref: /freebsd/crypto/openssh/sshd_config (revision d37ea99837e6ad50837fd9fe1771ddf1c3ba6002) 
1#	$OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
2#	$FreeBSD$
3
4# This is the sshd server system-wide configuration file.  See
5# sshd_config(5) for more information.
6
7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
8
9# The strategy used for options in the default sshd_config shipped with
10# OpenSSH is to specify options with their default value where
11# possible, but leave them commented.  Uncommented options change a
12# default value.
13
14# Note that some of FreeBSD's defaults differ from OpenBSD's, and
15# FreeBSD has a few additional options.
16
17#VersionAddendum FreeBSD-20040419
18
19#Port 22
20#Protocol 2
21#ListenAddress 0.0.0.0
22#ListenAddress ::
23
24# HostKey for protocol version 1
25#HostKey /etc/ssh/ssh_host_key
26# HostKeys for protocol version 2
27#HostKey /etc/ssh/ssh_host_dsa_key
28
29# Lifetime and size of ephemeral version 1 server key
30#KeyRegenerationInterval 1h
31#ServerKeyBits 768
32
33# Logging
34#obsoletes QuietMode and FascistLogging
35#SyslogFacility AUTH
36#LogLevel INFO
37
38# Authentication:
39
40#LoginGraceTime 2m
41#PermitRootLogin no
42#StrictModes yes
43
44#RSAAuthentication yes
45#PubkeyAuthentication yes
46#AuthorizedKeysFile	.ssh/authorized_keys
47
48# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
49#RhostsRSAAuthentication no
50# similar for protocol version 2
51#HostbasedAuthentication no
52# Change to yes if you don't trust ~/.ssh/known_hosts for
53# RhostsRSAAuthentication and HostbasedAuthentication
54#IgnoreUserKnownHosts no
55# Don't read the user's ~/.rhosts and ~/.shosts files
56#IgnoreRhosts yes
57
58# Change to yes to enable built-in password authentication.
59#PasswordAuthentication no
60#PermitEmptyPasswords no
61
62# Change to no to disable PAM authentication
63#ChallengeResponseAuthentication yes
64
65# Kerberos options
66#KerberosAuthentication no
67#KerberosOrLocalPasswd yes
68#KerberosTicketCleanup yes
69#KerberosGetAFSToken no
70
71# GSSAPI options
72#GSSAPIAuthentication no
73#GSSAPICleanupCredentials yes
74
75# Set this to 'no' to disable PAM authentication (via challenge-response)
76# and session processing.
77#UsePAM yes
78
79#AllowTcpForwarding yes
80#GatewayPorts no
81#X11Forwarding yes
82#X11DisplayOffset 10
83#X11UseLocalhost yes
84#PrintMotd yes
85#PrintLastLog yes
86#TCPKeepAlive yes
87#UseLogin no
88#UsePrivilegeSeparation yes
89#PermitUserEnvironment no
90#Compression yes
91#ClientAliveInterval 0
92#ClientAliveCountMax 3
93#UseDNS yes
94#PidFile /var/run/sshd.pid
95#MaxStartups 10
96
97# no default banner path
98#Banner /some/path
99
100# override default of no subsystems
101Subsystem	sftp	/usr/libexec/sftp-server
102