1# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $
2
3# This is the sshd server system-wide configuration file. See
4# sshd_config(5) for more information.
5
6# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
7
8# The strategy used for options in the default sshd_config shipped with
9# OpenSSH is to specify options with their default value where
10# possible, but leave them commented. Uncommented options override the
11# default value.
12
13#Port 22
14#AddressFamily any
15#ListenAddress 0.0.0.0
16#ListenAddress ::
17
18# The default is protocol 2 only; protocol 1 must be explicitly enabled here (it has known cryptographic weaknesses and is best left off)
19#Protocol 2
20
21# HostKey for protocol version 1
22#HostKey /etc/ssh/ssh_host_key
23# HostKeys for protocol version 2
24#HostKey /etc/ssh/ssh_host_rsa_key
25#HostKey /etc/ssh/ssh_host_dsa_key
26#HostKey /etc/ssh/ssh_host_ecdsa_key
27
28# Lifetime and size of ephemeral version 1 server key
29#KeyRegenerationInterval 1h
30#ServerKeyBits 1024
31
32# Logging
33# LogLevel obsoletes the older QuietMode and FascistLogging options
34#SyslogFacility AUTH
35#LogLevel INFO
36
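37# Authentication:
# Note: the default shown below (PermitRootLogin yes) lets root log in directly,
# passwords included; restrict it unless direct root login is really needed.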
38
39#LoginGraceTime 2m
40#PermitRootLogin yes
41#StrictModes yes
42#MaxAuthTries 6
43#MaxSessions 10
44
45#RSAAuthentication yes
46#PubkeyAuthentication yes
47
48# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
49# but this is overridden so installations will only check .ssh/authorized_keys
50AuthorizedKeysFile .ssh/authorized_keys
51
52# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
53#RhostsRSAAuthentication no
54# similar for protocol version 2
55#HostbasedAuthentication no
56# Change to yes if you don't trust ~/.ssh/known_hosts for
57# RhostsRSAAuthentication and HostbasedAuthentication
58#IgnoreUserKnownHosts no
59# Don't read the user's ~/.rhosts and ~/.shosts files
60#IgnoreRhosts yes
61
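62# To disable tunneled clear text passwords, change to no here!
# The password travels inside the encrypted channel but reaches the server in
# clear text. Password-style logins may still be possible through
# ChallengeResponseAuthentication (for example via PAM) unless that is also
# set to no.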
63#PasswordAuthentication yes
64#PermitEmptyPasswords no
65
66# Change to no to disable s/key passwords
67#ChallengeResponseAuthentication yes
68
69# Kerberos options
70#KerberosAuthentication no
71#KerberosOrLocalPasswd yes
72#KerberosTicketCleanup yes
73#KerberosGetAFSToken no
74
75# GSSAPI options
76#GSSAPIAuthentication no
77#GSSAPICleanupCredentials yes
78
79# Set this to 'yes' to enable PAM authentication, account processing,
80# and session processing. If this is enabled, PAM authentication will
81# be allowed through the ChallengeResponseAuthentication and
82# PasswordAuthentication. Depending on your PAM configuration,
83# PAM authentication via ChallengeResponseAuthentication may bypass
84# the setting of "PermitRootLogin without-password".
85# If you just want the PAM account and session checks to run without
86# PAM authentication, then enable this but set PasswordAuthentication
87# and ChallengeResponseAuthentication to 'no'.
88#UsePAM no
89
90#AllowAgentForwarding yes
91#AllowTcpForwarding yes
92#GatewayPorts no
93#X11Forwarding no
94#X11DisplayOffset 10
95#X11UseLocalhost yes
96#PrintMotd yes
97#PrintLastLog yes
98#TCPKeepAlive yes
99#UseLogin no
100#UsePrivilegeSeparation yes
101#PermitUserEnvironment no
102#Compression delayed
103#ClientAliveInterval 0
104#ClientAliveCountMax 3
105#UseDNS yes
106#PidFile /var/run/sshd.pid
107#MaxStartups 10
108#PermitTunnel no
109#ChrootDirectory none
110
111# no default banner path
112#Banner none
113
114# override default of no subsystems
115Subsystem sftp /usr/libexec/sftp-server
116
117# Example of overriding settings on a per-user basis
118#Match User anoncvs
119# X11Forwarding no
120# AllowTcpForwarding no
121# ForceCommand cvs server