| blob | 8377926ca7c870a93d828a8985044e2d8e577319 |
1 # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
2 # $DragonFly: src/crypto/openssh-5/sshd_config,v 1.4 2008/09/28 03:19:46 pavalos Exp $
4 # This is the sshd server system-wide configuration file. See
5 # sshd_config(5) for more information.
7 # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
9 # The strategy used for options in the default sshd_config shipped with
10 # OpenSSH is to specify options with their default value where
11 # possible, but leave them commented. Uncommented options change a
12 # default value.
14 # Note that some of DragonFly's defaults differ from OpenBSD's, and
15 # DragonFly has a few additional options.
17 #VersionAddendum DragonFly-20080927
19 #Port 22
20 #AddressFamily any
21 #ListenAddress 0.0.0.0
22 #ListenAddress ::
24 # Disable legacy (protocol version 1) support in the server for new
25 # installations. In future the default will change to require explicit
26 # activation of protocol 1
27 Protocol 2
29 # HostKey for protocol version 1
30 #HostKey /etc/ssh/ssh_host_key
31 # HostKeys for protocol version 2
32 #HostKey /etc/ssh/ssh_host_rsa_key
33 #HostKey /etc/ssh/ssh_host_dsa_key
35 # Lifetime and size of ephemeral version 1 server key
36 #KeyRegenerationInterval 1h
37 #ServerKeyBits 1024
39 # Logging
40 # obsoletes QuietMode and FascistLogging
41 #SyslogFacility AUTH
42 #LogLevel INFO
44 # Authentication:
46 #LoginGraceTime 2m
47 #PermitRootLogin no
48 #StrictModes yes
49 #MaxAuthTries 6
50 #MaxSessions 10
52 #RSAAuthentication yes
53 #PubkeyAuthentication yes
54 #PermitBlacklistedKeys no
55 #AuthorizedKeysFile .ssh/authorized_keys
57 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
58 #RhostsRSAAuthentication no
59 # similar for protocol version 2
60 #HostbasedAuthentication no
61 # Change to yes if you don't trust ~/.ssh/known_hosts for
62 # RhostsRSAAuthentication and HostbasedAuthentication
63 #IgnoreUserKnownHosts no
64 # Don't read the user's ~/.rhosts and ~/.shosts files
65 #IgnoreRhosts yes
67 # To disable tunneled clear text passwords, change to no here!
68 #PasswordAuthentication yes
69 #PermitEmptyPasswords no
71 # Change to no to disable PAM authentication
72 #ChallengeResponseAuthentication yes
74 # Kerberos options
75 #KerberosAuthentication no
76 #KerberosOrLocalPasswd yes
77 #KerberosTicketCleanup yes
78 #KerberosGetAFSToken no
80 # GSSAPI options
81 #GSSAPIAuthentication no
82 #GSSAPICleanupCredentials yes
84 # Set this to 'yes' to enable PAM authentication, account processing,
85 # and session processing. If this is enabled, PAM authentication will
86 # be allowed through the ChallengeResponseAuthentication and
87 # PasswordAuthentication. Depending on your PAM configuration,
88 # PAM authentication via ChallengeResponseAuthentication may bypass
89 # the setting of "PermitRootLogin without-password".
90 # If you just want the PAM account and session checks to run without
91 # PAM authentication, then enable this but set PasswordAuthentication
92 # and ChallengeResponseAuthentication to 'no'.
93 #UsePAM no
95 #AllowAgentForwarding yes
96 #AllowTcpForwarding yes
97 #GatewayPorts no
98 #X11Forwarding yes
99 #X11DisplayOffset 10
100 #X11UseLocalhost yes
101 #PrintMotd yes
102 #PrintLastLog yes
103 #TCPKeepAlive yes
104 #UseLogin no
105 #UsePrivilegeSeparation yes
106 #PermitUserEnvironment no
107 #Compression delayed
108 #ClientAliveInterval 0
109 #ClientAliveCountMax 3
110 #UseDNS yes
111 #PidFile /var/run/sshd.pid
112 #MaxStartups 10
113 #PermitTunnel no
114 #ChrootDirectory none
116 #XAuthLocation /usr/pkg/bin/xauth
118 # no default banner path
119 #Banner none
121 # override default of no subsystems
122 Subsystem sftp /usr/libexec/sftp-server
124 # Example of overriding settings on a per-user basis
125 #Match User anoncvs
126 # X11Forwarding no
127 # AllowTcpForwarding no
128 # ForceCommand cvs server