1: # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
2: # $FreeBSD: src/crypto/openssh/sshd_config,v 1.53 2010/04/28 10:36:33 des Exp $
3:
4: # This is the sshd server system-wide configuration file. See
5: # sshd_config(5) for more information.
6:
7: # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
8:
9: # The strategy used for options in the default sshd_config shipped with
10: # OpenSSH is to specify options with their default value where
11: # possible, but leave them commented. Uncommented options change a
12: # default value.
13:
14: # Note that some of FreeBSD's defaults differ from OpenBSD's, and
15: # FreeBSD has a few additional options.
16:
17: #VersionAddendum FreeBSD-20100428
18:
19: #Port 22
20: #AddressFamily any
21: #ListenAddress 0.0.0.0
22: #ListenAddress ::
23:
24: # The default requires explicit activation of protocol 1
25: #Protocol 2
26:
27: # HostKey for protocol version 1
28: #HostKey /etc/ssh/ssh_host_key
29: # HostKeys for protocol version 2
30: #HostKey /etc/ssh/ssh_host_rsa_key
31: #HostKey /etc/ssh/ssh_host_dsa_key
32:
33: # Lifetime and size of ephemeral version 1 server key
34: #KeyRegenerationInterval 1h
35: #ServerKeyBits 1024
36:
37: # Logging
38: # obsoletes QuietMode and FascistLogging
39: #SyslogFacility AUTH
40: #LogLevel INFO
41:
42: # Authentication:
43:
44: #LoginGraceTime 2m
45: PermitRootLogin yes
46: #StrictModes yes
47: #MaxAuthTries 6
48: #MaxSessions 10
49:
50: #RSAAuthentication yes
51: #PubkeyAuthentication yes
52: #AuthorizedKeysFile .ssh/authorized_keys
53:
54: # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
55: #RhostsRSAAuthentication no
56: # similar for protocol version 2
57: #HostbasedAuthentication no
58: # Change to yes if you don't trust ~/.ssh/known_hosts for
59: # RhostsRSAAuthentication and HostbasedAuthentication
60: #IgnoreUserKnownHosts no
61: # Don't read the user's ~/.rhosts and ~/.shosts files
62: #IgnoreRhosts yes
63:
64: # Change to yes to enable built-in password authentication.
65: PasswordAuthentication yes
66: #PermitEmptyPasswords no
67:
68: # Change to no to disable PAM authentication
69: #ChallengeResponseAuthentication yes
70:
71: # Kerberos options
72: #KerberosAuthentication no
73: #KerberosOrLocalPasswd yes
74: #KerberosTicketCleanup yes
75: #KerberosGetAFSToken no
76:
77: # GSSAPI options
78: #GSSAPIAuthentication no
79: #GSSAPICleanupCredentials yes
80:
81: # Set this to 'no' to disable PAM authentication, account processing,
82: # and session processing. If this is enabled, PAM authentication will
83: # be allowed through the ChallengeResponseAuthentication and
84: # PasswordAuthentication. Depending on your PAM configuration,
85: # PAM authentication via ChallengeResponseAuthentication may bypass
86: # the setting of "PermitRootLogin without-password".
87: # If you just want the PAM account and session checks to run without
88: # PAM authentication, then enable this but set PasswordAuthentication
89: # and ChallengeResponseAuthentication to 'no'.
90: #UsePAM yes
91:
92: #AllowAgentForwarding yes
93: #AllowTcpForwarding yes
94: #GatewayPorts no
95: #X11Forwarding yes
96: #X11DisplayOffset 10
97: #X11UseLocalhost yes
98: #PrintMotd yes
99: #PrintLastLog yes
100: #TCPKeepAlive yes
101: #UseLogin no
102: #UsePrivilegeSeparation yes
103: #PermitUserEnvironment no
104: #Compression delayed
105: ClientAliveInterval 5
106: ClientAliveCountMax 3
107: UseDNS no
108: #PidFile /var/run/sshd.pid
109: #MaxStartups 10
110: #PermitTunnel no
111: #ChrootDirectory none
112:
113: # no default banner path
114: #Banner none
115:
116: # override default of no subsystems
117: Subsystem sftp /usr/libexec/sftp-server
118:
119: # Example of overriding settings on a per-user basis
120: #Match User anoncvs
121: # X11Forwarding no
122: # AllowTcpForwarding no
123: # ForceCommand cvs server
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>