| 1 |
ebe6af2e
|
Scott Ullrich
|
# $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
|
| 2 |
|
|
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des Exp $
|
| 3 |
|
|
|
| 4 |
|
|
# This is the sshd server system-wide configuration file. See
|
| 5 |
|
|
# sshd_config(5) for more information.
|
| 6 |
|
|
|
| 7 |
|
|
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
|
| 8 |
|
|
|
| 9 |
|
|
# The strategy used for options in the default sshd_config shipped with
|
| 10 |
|
|
# OpenSSH is to specify options with their default value where
|
| 11 |
|
|
# possible, but leave them commented. Uncommented options change a
|
| 12 |
|
|
# default value.
|
| 13 |
|
|
|
| 14 |
|
|
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
|
| 15 |
|
|
# FreeBSD has a few additional options.
|
| 16 |
|
|
|
| 17 |
|
|
#VersionAddendum FreeBSD-20040419
|
| 18 |
|
|
|
| 19 |
|
|
#Port 22
|
| 20 |
|
|
#Protocol 2
|
| 21 |
|
|
#ListenAddress 0.0.0.0
|
| 22 |
|
|
#ListenAddress ::
|
| 23 |
|
|
|
| 24 |
|
|
# HostKey for protocol version 1
|
| 25 |
|
|
#HostKey /etc/ssh/ssh_host_key
|
| 26 |
|
|
# HostKeys for protocol version 2
|
| 27 |
|
|
#HostKey /etc/ssh/ssh_host_dsa_key
|
| 28 |
|
|
|
| 29 |
|
|
# Lifetime and size of ephemeral version 1 server key
|
| 30 |
|
|
#KeyRegenerationInterval 1h
|
| 31 |
|
|
#ServerKeyBits 768
|
| 32 |
|
|
|
| 33 |
|
|
# Logging
|
| 34 |
|
|
#obsoletes QuietMode and FascistLogging
|
| 35 |
|
|
#SyslogFacility AUTH
|
| 36 |
|
|
#LogLevel INFO
|
| 37 |
|
|
|
| 38 |
|
|
# Authentication:
|
| 39 |
|
|
|
| 40 |
|
|
#LoginGraceTime 2m
|
| 41 |
|
|
PermitRootLogin yes
|
| 42 |
|
|
#StrictModes yes
|
| 43 |
|
|
|
| 44 |
|
|
#RSAAuthentication yes
|
| 45 |
|
|
#PubkeyAuthentication yes
|
| 46 |
|
|
#AuthorizedKeysFile .ssh/authorized_keys
|
| 47 |
|
|
|
| 48 |
|
|
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
| 49 |
|
|
#RhostsRSAAuthentication no
|
| 50 |
|
|
# similar for protocol version 2
|
| 51 |
|
|
#HostbasedAuthentication no
|
| 52 |
|
|
# Change to yes if you don't trust ~/.ssh/known_hosts for
|
| 53 |
|
|
# RhostsRSAAuthentication and HostbasedAuthentication
|
| 54 |
|
|
#IgnoreUserKnownHosts no
|
| 55 |
|
|
# Don't read the user's ~/.rhosts and ~/.shosts files
|
| 56 |
|
|
#IgnoreRhosts yes
|
| 57 |
|
|
|
| 58 |
|
|
# Change to yes to enable built-in password authentication.
|
| 59 |
|
|
#PasswordAuthentication no
|
| 60 |
|
|
#PermitEmptyPasswords no
|
| 61 |
|
|
|
| 62 |
|
|
# Change to no to disable PAM authentication
|
| 63 |
|
|
#ChallengeResponseAuthentication yes
|
| 64 |
|
|
|
| 65 |
|
|
# Kerberos options
|
| 66 |
|
|
#KerberosAuthentication no
|
| 67 |
|
|
#KerberosOrLocalPasswd yes
|
| 68 |
|
|
#KerberosTicketCleanup yes
|
| 69 |
|
|
#KerberosGetAFSToken no
|
| 70 |
|
|
|
| 71 |
|
|
# GSSAPI options
|
| 72 |
|
|
#GSSAPIAuthentication no
|
| 73 |
|
|
#GSSAPICleanupCredentials yes
|
| 74 |
|
|
|
| 75 |
|
|
# Set this to 'no' to disable PAM authentication (via challenge-response)
|
| 76 |
|
|
# and session processing.
|
| 77 |
|
|
#UsePAM yes
|
| 78 |
|
|
|
| 79 |
|
|
#AllowTcpForwarding yes
|
| 80 |
|
|
#GatewayPorts no
|
| 81 |
|
|
#X11DisplayOffset 10
|
| 82 |
|
|
#X11UseLocalhost yes
|
| 83 |
|
|
#PrintMotd yes
|
| 84 |
|
|
#PrintLastLog yes
|
| 85 |
|
|
#TCPKeepAlive yes
|
| 86 |
|
|
#UseLogin no
|
| 87 |
|
|
#UsePrivilegeSeparation yes
|
| 88 |
|
|
#PermitUserEnvironment no
|
| 89 |
c1ca1741
|
Scott Ullrich
|
|
| 90 |
ebe6af2e
|
Scott Ullrich
|
#PidFile /var/run/sshd.pid
|
| 91 |
|
|
#MaxStartups 10
|
| 92 |
|
|
|
| 93 |
|
|
# no default banner path
|
| 94 |
|
|
#Banner /some/path
|
| 95 |
|
|
|
| 96 |
c1ca1741
|
Scott Ullrich
|
Compression yes
|
| 97 |
|
|
ClientAliveInterval 30
|
| 98 |
9d0b14e0
|
Scott Ullrich
|
ClientAliveCountMax 5
|
| 99 |
c1ca1741
|
Scott Ullrich
|
UseDNS no
|
| 100 |
|
|
X11Forwarding no
|
| 101 |
|
|
|
| 102 |
ebe6af2e
|
Scott Ullrich
|
# override default of no subsystems
|
| 103 |
|
|
Subsystem sftp /usr/libexec/sftp-server
|