sshd_config (3283B)
1 # $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ 2 3 # This is the sshd server system-wide configuration file. See 4 # sshd_config(5) for more information. 5 6 # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 7 8 # The strategy used for options in the default sshd_config shipped with 9 # OpenSSH is to specify options with their default value where 10 # possible, but leave them commented. Uncommented options override the 11 # default value. 12 13 #Port 22 14 #AddressFamily any 15 #ListenAddress 0.0.0.0 16 #ListenAddress :: 17 18 #HostKey /etc/ssh/ssh_host_rsa_key 19 #HostKey /etc/ssh/ssh_host_ecdsa_key 20 #HostKey /etc/ssh/ssh_host_ed25519_key 21 22 # Ciphers and keying 23 #RekeyLimit default none 24 25 # Logging 26 #SyslogFacility AUTH 27 #LogLevel INFO 28 29 # Authentication: 30 31 #LoginGraceTime 2m 32 PermitRootLogin yes 33 #StrictModes yes 34 #MaxAuthTries 6 35 #MaxSessions 10 36 37 #PubkeyAuthentication yes 38 39 # Expect .ssh/authorized_keys2 to be disregarded by default in future. 40 #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 41 42 #AuthorizedPrincipalsFile none 43 44 #AuthorizedKeysCommand none 45 #AuthorizedKeysCommandUser nobody 46 47 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 48 #HostbasedAuthentication no 49 # Change to yes if you don't trust ~/.ssh/known_hosts for 50 # HostbasedAuthentication 51 #IgnoreUserKnownHosts no 52 # Don't read the user's ~/.rhosts and ~/.shosts files 53 #IgnoreRhosts yes 54 55 # To disable tunneled clear text passwords, change to no here! 56 #PasswordAuthentication yes 57 #PermitEmptyPasswords no 58 59 # Change to yes to enable challenge-response passwords (beware issues with 60 # some PAM modules and threads) 61 ChallengeResponseAuthentication no 62 63 # Kerberos options 64 #KerberosAuthentication no 65 #KerberosOrLocalPasswd yes 66 #KerberosTicketCleanup yes 67 #KerberosGetAFSToken no 68 69 # GSSAPI options 70 #GSSAPIAuthentication no 71 #GSSAPICleanupCredentials yes 72 #GSSAPIStrictAcceptorCheck yes 73 #GSSAPIKeyExchange no 74 75 # Set this to 'yes' to enable PAM authentication, account processing, 76 # and session processing. If this is enabled, PAM authentication will 77 # be allowed through the ChallengeResponseAuthentication and 78 # PasswordAuthentication. Depending on your PAM configuration, 79 # PAM authentication via ChallengeResponseAuthentication may bypass 80 # the setting of "PermitRootLogin without-password". 81 # If you just want the PAM account and session checks to run without 82 # PAM authentication, then enable this but set PasswordAuthentication 83 # and ChallengeResponseAuthentication to 'no'. 84 UsePAM yes 85 86 #AllowAgentForwarding yes 87 #AllowTcpForwarding yes 88 #GatewayPorts no 89 X11Forwarding yes 90 #X11DisplayOffset 10 91 #X11UseLocalhost yes 92 #PermitTTY yes 93 PrintMotd no 94 #PrintLastLog yes 95 #TCPKeepAlive yes 96 #UseLogin no 97 #UsePrivilegeSeparation sandbox 98 #PermitUserEnvironment no 99 #Compression delayed 100 #ClientAliveInterval 0 101 #ClientAliveCountMax 3 102 #UseDNS no 103 #PidFile /var/run/sshd.pid 104 #MaxStartups 10:30:100 105 #PermitTunnel no 106 #ChrootDirectory none 107 #VersionAddendum none 108 109 # no default banner path 110 #Banner none 111 112 # Allow client to pass locale environment variables 113 AcceptEnv LANG LC_* 114 115 # override default of no subsystems 116 Subsystem sftp /usr/lib/openssh/sftp-server 117 118 # Example of overriding settings on a per-user basis 119 #Match User anoncvs 120 # X11Forwarding no 121 # AllowTcpForwarding no 122 # PermitTTY no 123 # ForceCommand cvs server