Annotation of elwix/config/etc/default/ssh/sshd_config, revision 1.1
1.1 ! misho 1: # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
! 2: # $FreeBSD: src/crypto/openssh/sshd_config,v 1.53 2010/04/28 10:36:33 des Exp $
! 3:
! 4: # This is the sshd server system-wide configuration file. See
! 5: # sshd_config(5) for more information.
! 6:
! 7: # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
! 8:
! 9: # The strategy used for options in the default sshd_config shipped with
! 10: # OpenSSH is to specify options with their default value where
! 11: # possible, but leave them commented. Uncommented options change a
! 12: # default value.
! 13:
! 14: # Note that some of FreeBSD's defaults differ from OpenBSD's, and
! 15: # FreeBSD has a few additional options.
! 16:
! 17: #VersionAddendum FreeBSD-20100428
! 18:
! 19: #Port 22
! 20: #AddressFamily any
! 21: #ListenAddress 0.0.0.0
! 22: #ListenAddress ::
! 23:
! 24: # The default requires explicit activation of protocol 1
! 25: #Protocol 2
! 26:
! 27: # HostKey for protocol version 1
! 28: #HostKey /etc/ssh/ssh_host_key
! 29: # HostKeys for protocol version 2
! 30: #HostKey /etc/ssh/ssh_host_rsa_key
! 31: #HostKey /etc/ssh/ssh_host_dsa_key
! 32:
! 33: # Lifetime and size of ephemeral version 1 server key
! 34: #KeyRegenerationInterval 1h
! 35: #ServerKeyBits 1024
! 36:
! 37: # Logging
! 38: # obsoletes QuietMode and FascistLogging
! 39: #SyslogFacility AUTH
! 40: #LogLevel INFO
! 41:
! 42: # Authentication:
! 43:
! 44: #LoginGraceTime 2m
! 45: PermitRootLogin yes
! 46: #StrictModes yes
! 47: #MaxAuthTries 6
! 48: #MaxSessions 10
! 49:
! 50: #RSAAuthentication yes
! 51: #PubkeyAuthentication yes
! 52: #AuthorizedKeysFile .ssh/authorized_keys
! 53:
! 54: # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
! 55: #RhostsRSAAuthentication no
! 56: # similar for protocol version 2
! 57: #HostbasedAuthentication no
! 58: # Change to yes if you don't trust ~/.ssh/known_hosts for
! 59: # RhostsRSAAuthentication and HostbasedAuthentication
! 60: #IgnoreUserKnownHosts no
! 61: # Don't read the user's ~/.rhosts and ~/.shosts files
! 62: #IgnoreRhosts yes
! 63:
! 64: # Change to yes to enable built-in password authentication.
! 65: PasswordAuthentication yes
! 66: #PermitEmptyPasswords no
! 67:
! 68: # Change to no to disable PAM authentication
! 69: #ChallengeResponseAuthentication yes
! 70:
! 71: # Kerberos options
! 72: #KerberosAuthentication no
! 73: #KerberosOrLocalPasswd yes
! 74: #KerberosTicketCleanup yes
! 75: #KerberosGetAFSToken no
! 76:
! 77: # GSSAPI options
! 78: #GSSAPIAuthentication no
! 79: #GSSAPICleanupCredentials yes
! 80:
! 81: # Set this to 'no' to disable PAM authentication, account processing,
! 82: # and session processing. If this is enabled, PAM authentication will
! 83: # be allowed through the ChallengeResponseAuthentication and
! 84: # PasswordAuthentication. Depending on your PAM configuration,
! 85: # PAM authentication via ChallengeResponseAuthentication may bypass
! 86: # the setting of "PermitRootLogin without-password".
! 87: # If you just want the PAM account and session checks to run without
! 88: # PAM authentication, then enable this but set PasswordAuthentication
! 89: # and ChallengeResponseAuthentication to 'no'.
! 90: #UsePAM yes
! 91:
! 92: #AllowAgentForwarding yes
! 93: #AllowTcpForwarding yes
! 94: #GatewayPorts no
! 95: #X11Forwarding yes
! 96: #X11DisplayOffset 10
! 97: #X11UseLocalhost yes
! 98: #PrintMotd yes
! 99: #PrintLastLog yes
! 100: #TCPKeepAlive yes
! 101: #UseLogin no
! 102: #UsePrivilegeSeparation yes
! 103: #PermitUserEnvironment no
! 104: #Compression delayed
! 105: ClientAliveInterval 5
! 106: ClientAliveCountMax 3
! 107: UseDNS no
! 108: #PidFile /var/run/sshd.pid
! 109: #MaxStartups 10
! 110: #PermitTunnel no
! 111: #ChrootDirectory none
! 112:
! 113: # no default banner path
! 114: #Banner none
! 115:
! 116: # override default of no subsystems
! 117: Subsystem sftp /usr/libexec/sftp-server
! 118:
! 119: # Example of overriding settings on a per-user basis
! 120: #Match User anoncvs
! 121: # X11Forwarding no
! 122: # AllowTcpForwarding no
! 123: # ForceCommand cvs server
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>