xref: /freebsd/crypto/openssh/sshd_config (revision f9218d3d4fd34f082473b3a021c6d4d109fb47cf) 
1#	$OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
2#	$FreeBSD$
3
4# This is the sshd server system-wide configuration file.  See
5# sshd_config(5) for more information.
6
7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
8
9# The strategy used for options in the default sshd_config shipped with
10# OpenSSH is to specify options with their default value where
11# possible, but leave them commented.  Uncommented options change a
12# default value.
13
14# Note that some of FreeBSD's defaults differ from OpenBSD's, and
15# FreeBSD has a few additional options.
16
17#VersionAddendum FreeBSD-20030201
18
19#Port 22
20#Protocol 2,1
21#ListenAddress 0.0.0.0
22#ListenAddress ::
23
24# HostKey for protocol version 1
25#HostKey /etc/ssh/ssh_host_key
26# HostKeys for protocol version 2
27#HostKey /etc/ssh/ssh_host_dsa_key
28
29# Lifetime and size of ephemeral version 1 server key
30#KeyRegenerationInterval 3600
31#ServerKeyBits 768
32
33# Logging
34#obsoletes QuietMode and FascistLogging
35#SyslogFacility AUTH
36#LogLevel INFO
37
38# Authentication:
39
40#LoginGraceTime 120
41#PermitRootLogin no
42#StrictModes yes
43
44#RSAAuthentication yes
45#PubkeyAuthentication yes
46#AuthorizedKeysFile	.ssh/authorized_keys
47
48# rhosts authentication should not be used
49#RhostsAuthentication no
50# Don't read the user's ~/.rhosts and ~/.shosts files
51#IgnoreRhosts yes
52# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
53#RhostsRSAAuthentication no
54# similar for protocol version 2
55#HostbasedAuthentication no
56# Change to yes if you don't trust ~/.ssh/known_hosts for
57# RhostsRSAAuthentication and HostbasedAuthentication
58#IgnoreUserKnownHosts no
59
60# To disable tunneled clear text passwords, change to no here!
61#PasswordAuthentication yes
62#PermitEmptyPasswords no
63
64# Change to no to disable PAM authentication
65#ChallengeResponseAuthentication yes
66
67# Kerberos options
68#KerberosAuthentication no
69#KerberosOrLocalPasswd yes
70#KerberosTicketCleanup yes
71
72#AFSTokenPassing no
73
74# Kerberos TGT Passing only works with the AFS kaserver
75#KerberosTgtPassing no
76
77#X11Forwarding yes
78#X11DisplayOffset 10
79#X11UseLocalhost yes
80#PrintMotd yes
81#PrintLastLog yes
82#KeepAlive yes
83#UseLogin no
84#UsePrivilegeSeparation yes
85#PermitUserEnvironment no
86#Compression yes
87
88#MaxStartups 10
89# no default banner path
90#Banner /some/path
91#VerifyReverseMapping no
92
93# override default of no subsystems
94Subsystem	sftp	/usr/libexec/sftp-server
95