sshd_config 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114
  1. # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
  2. # This is the sshd server system-wide configuration file. See
  3. # sshd_config(5) for more information.
  4. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  5. # The strategy used for options in the default sshd_config shipped with
  6. # OpenSSH is to specify options with their default value where
  7. # possible, but leave them commented. Uncommented options change a
  8. # default value.
  9. #Port 22
  10. #AddressFamily any
  11. # uncomment next line to disable ipv6
  12. #ListenAddress 0.0.0.0
  13. #ListenAddress ::
  14. # Disable legacy (protocol version 1) support in the server for new
  15. # installations. In future the default will change to require explicit
  16. # activation of protocol 1
  17. Protocol 2
  18. # HostKey for protocol version 1
  19. #HostKey /etc/ssh/ssh_host_key
  20. # HostKeys for protocol version 2
  21. HostKey /etc/ssh/ssh_host_rsa_key
  22. #HostKey /etc/ssh/ssh_host_dsa_key
  23. # Lifetime and size of ephemeral version 1 server key
  24. #KeyRegenerationInterval 1h
  25. #ServerKeyBits 1024
  26. # Logging
  27. # obsoletes QuietMode and FascistLogging
  28. #SyslogFacility AUTH
  29. #LogLevel INFO
  30. # Authentication:
  31. #LoginGraceTime 2m
  32. PermitRootLogin yes
  33. #StrictModes yes
  34. #MaxAuthTries 6
  35. #MaxSessions 10
  36. #RSAAuthentication yes
  37. PubkeyAuthentication yes
  38. AuthorizedKeysFile /etc/ssh/authorized_keys
  39. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  40. #RhostsRSAAuthentication no
  41. # similar for protocol version 2
  42. #HostbasedAuthentication no
  43. # Change to yes if you don't trust ~/.ssh/known_hosts for
  44. # RhostsRSAAuthentication and HostbasedAuthentication
  45. #IgnoreUserKnownHosts no
  46. # Don't read the user's ~/.rhosts and ~/.shosts files
  47. #IgnoreRhosts yes
  48. # To disable tunneled clear text passwords, change to no here!
  49. #PasswordAuthentication yes
  50. #PermitEmptyPasswords no
  51. # Change to no to disable s/key passwords
  52. #ChallengeResponseAuthentication yes
  53. # GSSAPI options for Kerberos 5
  54. #GSSAPIAuthentication no
  55. #GSSAPICleanupCredentials yes
  56. # Set this to 'yes' to enable PAM authentication, account processing,
  57. # and session processing. If this is enabled, PAM authentication will
  58. # be allowed through the ChallengeResponseAuthentication and
  59. # PasswordAuthentication. Depending on your PAM configuration,
  60. # PAM authentication via ChallengeResponseAuthentication may bypass
  61. # the setting of "PermitRootLogin without-password".
  62. # If you just want the PAM account and session checks to run without
  63. # PAM authentication, then enable this but set PasswordAuthentication
  64. # and ChallengeResponseAuthentication to 'no'.
  65. #UsePAM no
  66. #AllowAgentForwarding yes
  67. #AllowTcpForwarding yes
  68. #GatewayPorts no
  69. #X11Forwarding no
  70. #X11DisplayOffset 10
  71. #X11UseLocalhost yes
  72. #PrintMotd yes
  73. #PrintLastLog yes
  74. #TCPKeepAlive yes
  75. #UseLogin no
  76. UsePrivilegeSeparation yes
  77. #PermitUserEnvironment no
  78. #Compression delayed
  79. #ClientAliveInterval 0
  80. #ClientAliveCountMax 3
  81. UseDNS no
  82. #PidFile /var/run/sshd.pid
  83. #MaxStartups 10
  84. #PermitTunnel no
  85. #ChrootDirectory none
  86. # no default banner path
  87. #Banner none
  88. # override default of no subsystems
  89. Subsystem sftp /usr/libexec/sftp-server
  90. # Example of overriding settings on a per-user basis
  91. #Match User anoncvs
  92. # X11Forwarding no
  93. # AllowTcpForwarding no
  94. # ForceCommand cvs server