Annotation of elwix/config/etc/default/ssh/sshd_config, revision 1.1.1.1.2.1

1.1.1.1.2.1! misho       1: #      $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
        !             2: #      $FreeBSD: src/crypto/openssh/sshd_config,v 1.55 2011/05/04 07:34:44 des Exp $
1.1       misho       3: 
                      4: # This is the sshd server system-wide configuration file.  See
                      5: # sshd_config(5) for more information.
                      6: 
                      7: # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
                      8: 
                      9: # The strategy used for options in the default sshd_config shipped with
                     10: # OpenSSH is to specify options with their default value where
                     11: # possible, but leave them commented.  Uncommented options change a
                     12: # default value.
                     13: 
                     14: # Note that some of FreeBSD's defaults differ from OpenBSD's, and
                     15: # FreeBSD has a few additional options.
                     16: 
1.1.1.1.2.1! misho      17: #VersionAddendum FreeBSD-20110503
1.1       misho      18: 
                     19: #Port 22
                     20: #AddressFamily any
                     21: #ListenAddress 0.0.0.0
                     22: #ListenAddress ::
                     23: 
                     24: # The default requires explicit activation of protocol 1
                     25: #Protocol 2
                     26: 
                     27: # HostKey for protocol version 1
                     28: #HostKey /etc/ssh/ssh_host_key
                     29: # HostKeys for protocol version 2
                     30: #HostKey /etc/ssh/ssh_host_rsa_key
                     31: #HostKey /etc/ssh/ssh_host_dsa_key
1.1.1.1.2.1! misho      32: #HostKey /etc/ssh/ssh_host_ecdsa_key
1.1       misho      33: 
                     34: # Lifetime and size of ephemeral version 1 server key
                     35: #KeyRegenerationInterval 1h
                     36: #ServerKeyBits 1024
                     37: 
                     38: # Logging
                     39: # obsoletes QuietMode and FascistLogging
                     40: #SyslogFacility AUTH
                     41: #LogLevel INFO
                     42: 
                     43: # Authentication:
                     44: 
                     45: #LoginGraceTime 2m
                     46: PermitRootLogin yes
                     47: #StrictModes yes
                     48: #MaxAuthTries 6
                     49: #MaxSessions 10
                     50: 
                     51: #RSAAuthentication yes
                     52: #PubkeyAuthentication yes
                     53: #AuthorizedKeysFile    .ssh/authorized_keys
                     54: 
                     55: # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
                     56: #RhostsRSAAuthentication no
                     57: # similar for protocol version 2
                     58: #HostbasedAuthentication no
                     59: # Change to yes if you don't trust ~/.ssh/known_hosts for
                     60: # RhostsRSAAuthentication and HostbasedAuthentication
                     61: #IgnoreUserKnownHosts no
                     62: # Don't read the user's ~/.rhosts and ~/.shosts files
                     63: #IgnoreRhosts yes
                     64: 
                     65: # Change to yes to enable built-in password authentication.
                     66: PasswordAuthentication yes
                     67: #PermitEmptyPasswords no
                     68: 
                     69: # Change to no to disable PAM authentication
                     70: #ChallengeResponseAuthentication yes
                     71: 
                     72: # Kerberos options
                     73: #KerberosAuthentication no
                     74: #KerberosOrLocalPasswd yes
                     75: #KerberosTicketCleanup yes
                     76: #KerberosGetAFSToken no
                     77: 
                     78: # GSSAPI options
                     79: #GSSAPIAuthentication no
                     80: #GSSAPICleanupCredentials yes
                     81: 
                     82: # Set this to 'no' to disable PAM authentication, account processing,
                     83: # and session processing. If this is enabled, PAM authentication will 
                     84: # be allowed through the ChallengeResponseAuthentication and
                     85: # PasswordAuthentication.  Depending on your PAM configuration,
                     86: # PAM authentication via ChallengeResponseAuthentication may bypass
                     87: # the setting of "PermitRootLogin without-password".
                     88: # If you just want the PAM account and session checks to run without
                     89: # PAM authentication, then enable this but set PasswordAuthentication
                     90: # and ChallengeResponseAuthentication to 'no'.
                     91: #UsePAM yes
                     92: 
                     93: #AllowAgentForwarding yes
                     94: #AllowTcpForwarding yes
                     95: #GatewayPorts no
                     96: #X11Forwarding yes
                     97: #X11DisplayOffset 10
                     98: #X11UseLocalhost yes
                     99: #PrintMotd yes
                    100: #PrintLastLog yes
                    101: #TCPKeepAlive yes
                    102: #UseLogin no
                    103: #UsePrivilegeSeparation yes
                    104: #PermitUserEnvironment no
                    105: #Compression delayed
                    106: ClientAliveInterval 5
                    107: ClientAliveCountMax 3
                    108: UseDNS no
                    109: #PidFile /var/run/sshd.pid
                    110: #MaxStartups 10
                    111: #PermitTunnel no
                    112: #ChrootDirectory none
                    113: 
                    114: # no default banner path
                    115: #Banner none
                    116: 
                    117: # override default of no subsystems
                    118: Subsystem      sftp    /usr/libexec/sftp-server
                    119: 
                    120: # Example of overriding settings on a per-user basis
                    121: #Match User anoncvs
                    122: #      X11Forwarding no
                    123: #      AllowTcpForwarding no
                    124: #      ForceCommand cvs server

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>