Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 1c52ee3e6f2653a474c8a31aafa5a7e595dd8081 / . / sshd_config
blob: a2bd2ff60db3d25457618f4c5f7cf19675dd5376 [file] [log] [blame]
Darren Tuckerec960f22003-08-13 20:37:05 +1000[diff] [blame]1# $OpenBSD: sshd_config,v 1.63 2003/08/13 08:46:31 markus Exp $
Tim Rice59ea0a02001-03-10 13:50:45 -0800[diff] [blame]2
Ben Lindstrom9721e922002-06-21 01:06:03 +0000[diff] [blame]3# This is the sshd server system-wide configuration file. See
4# sshd_config(5) for more information.
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]5
Tim Rice1e2c6002002-01-30 22:14:03 -0800[diff] [blame]6# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
7
Damien Miller95ca7e92002-02-19 15:29:02 +1100[diff] [blame]8# The strategy used for options in the default sshd_config shipped with
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]9# OpenSSH is to specify options with their default value where
10# possible, but leave them commented. Uncommented options change a
11# default value.
12
13#Port 22
Damien Miller8bb73be2000-04-19 16:26:12 +1000[diff] [blame]14#Protocol 2,1
Kevin Steves8ee4f692001-01-09 15:28:46 +0000[diff] [blame]15#ListenAddress 0.0.0.0
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]16#ListenAddress ::
Ben Lindstromc4b72252001-06-09 01:09:51 +0000[diff] [blame]17
18# HostKey for protocol version 1
Damien Miller05eda432002-02-10 18:32:28 +1100[diff] [blame]19#HostKey /etc/ssh/ssh_host_key
Ben Lindstromc4b72252001-06-09 01:09:51 +0000[diff] [blame]20# HostKeys for protocol version 2
Damien Miller05eda432002-02-10 18:32:28 +1100[diff] [blame]21#HostKey /etc/ssh/ssh_host_rsa_key
22#HostKey /etc/ssh/ssh_host_dsa_key
Ben Lindstromc4b72252001-06-09 01:09:51 +0000[diff] [blame]23
24# Lifetime and size of ephemeral version 1 server key
Darren Tuckerb8dae8e2003-06-22 20:48:45 +1000[diff] [blame]25#KeyRegenerationInterval 1h
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]26#ServerKeyBits 768
Damien Miller192bd011999-11-13 23:56:35 +1100[diff] [blame]27
Damien Miller886c63a2000-01-20 23:13:36 +1100[diff] [blame]28# Logging
Damien Miller886c63a2000-01-20 23:13:36 +1100[diff] [blame]29#obsoletes QuietMode and FascistLogging
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]30#SyslogFacility AUTH
31#LogLevel INFO
Damien Miller9ba30241999-11-11 21:07:00 +1100[diff] [blame]32
Ben Lindstromc4b72252001-06-09 01:09:51 +0000[diff] [blame]33# Authentication:
34
Darren Tuckerb8dae8e2003-06-22 20:48:45 +1000[diff] [blame]35#LoginGraceTime 2m
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]36#PermitRootLogin yes
37#StrictModes yes
Ben Lindstromc4b72252001-06-09 01:09:51 +0000[diff] [blame]38
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]39#RSAAuthentication yes
40#PubkeyAuthentication yes
41#AuthorizedKeysFile .ssh/authorized_keys
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]42
Damien Miller05eda432002-02-10 18:32:28 +1100[diff] [blame]43# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]44#RhostsRSAAuthentication no
Ben Lindstromc4b72252001-06-09 01:09:51 +0000[diff] [blame]45# similar for protocol version 2
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]46#HostbasedAuthentication no
47# Change to yes if you don't trust ~/.ssh/known_hosts for
48# RhostsRSAAuthentication and HostbasedAuthentication
49#IgnoreUserKnownHosts no
Darren Tuckerec960f22003-08-13 20:37:05 +1000[diff] [blame]50# Don't read the user's ~/.rhosts and ~/.shosts files
51#IgnoreRhosts yes
Ben Lindstromc4b72252001-06-09 01:09:51 +0000[diff] [blame]52
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]53# To disable tunneled clear text passwords, change to no here!
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]54#PasswordAuthentication yes
55#PermitEmptyPasswords no
Damien Miller33804262001-02-04 23:20:18 +1100[diff] [blame]56
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]57# Change to no to disable s/key passwords
58#ChallengeResponseAuthentication yes
Damien Millerf8154422001-04-25 22:44:14 +1000[diff] [blame]59
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]60# Kerberos options
Damien Millerd7de14b2002-04-23 21:04:51 +1000[diff] [blame]61#KerberosAuthentication no
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]62#KerberosOrLocalPasswd yes
63#KerberosTicketCleanup yes
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]64#KerberosTgtPassing no
65
Damien Miller2aa0ab42003-05-15 12:05:28 +1000[diff] [blame]66# Set this to 'yes' to enable PAM authentication (via challenge-response)
Damien Millere3e71242003-05-16 12:00:44 +1000[diff] [blame]67# and session processing. Depending on your PAM configuration, this may
68# bypass the setting of 'PasswordAuthentication'
69#UsePAM yes
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]70
Darren Tuckerb8dae8e2003-06-22 20:48:45 +1000[diff] [blame]71#AllowTcpForwarding yes
72#GatewayPorts no
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]73#X11Forwarding no
74#X11DisplayOffset 10
Damien Miller95c249f2002-02-05 12:11:34 +1100[diff] [blame]75#X11UseLocalhost yes
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]76#PrintMotd yes
77#PrintLastLog yes
78#KeepAlive yes
Damien Millerc30d35c2000-08-30 09:40:09 +1100[diff] [blame]79#UseLogin no
Ben Lindstromfb62a692002-06-06 19:47:11 +0000[diff] [blame]80#UsePrivilegeSeparation yes
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000[diff] [blame]81#PermitUserEnvironment no
Ben Lindstrom1b8d7302002-06-21 01:11:36 +0000[diff] [blame]82#Compression yes
Darren Tuckerb8dae8e2003-06-22 20:48:45 +1000[diff] [blame]83#ClientAliveInterval 0
84#ClientAliveCountMax 3
85#UseDNS yes
86#PidFile /var/run/sshd.pid
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]87#MaxStartups 10
Darren Tuckerb8dae8e2003-06-22 20:48:45 +1000[diff] [blame]88
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]89# no default banner path
90#Banner /some/path
Ben Lindstrome9d04442001-02-10 23:26:35 +0000[diff] [blame]91
Damien Miller2bec5c12002-01-22 23:32:07 +1100[diff] [blame]92# override default of no subsystems
Ben Lindstrome9d04442001-02-10 23:26:35 +0000[diff] [blame]93Subsystem sftp /usr/libexec/sftp-server