Ben Lindstrom | bdc2beb | 2001-04-16 02:11:52 +0000 | [diff] [blame] | 1 | # $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $ |
Ben Lindstrom | 36579d3 | 2001-01-29 07:39:26 +0000 | [diff] [blame] | 2 | |
Tim Rice | 59ea0a0 | 2001-03-10 13:50:45 -0800 | [diff] [blame] | 3 | # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin |
| 4 | |
Damien Miller | 3380426 | 2001-02-04 23:20:18 +1100 | [diff] [blame] | 5 | # This is the sshd server system-wide configuration file. See sshd(8) |
| 6 | # for more information. |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 7 | |
| 8 | Port 22 |
Damien Miller | 8bb73be | 2000-04-19 16:26:12 +1000 | [diff] [blame] | 9 | #Protocol 2,1 |
Kevin Steves | 8ee4f69 | 2001-01-09 15:28:46 +0000 | [diff] [blame] | 10 | #ListenAddress 0.0.0.0 |
Damien Miller | 34132e5 | 2000-01-14 15:45:46 +1100 | [diff] [blame] | 11 | #ListenAddress :: |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 12 | HostKey /etc/ssh_host_key |
Ben Lindstrom | 531a445 | 2001-03-05 05:17:18 +0000 | [diff] [blame] | 13 | HostKey /etc/ssh_host_rsa_key |
Ben Lindstrom | 4b00c8b | 2001-03-05 06:05:35 +0000 | [diff] [blame] | 14 | HostKey /etc/ssh_host_dsa_key |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 15 | ServerKeyBits 768 |
| 16 | LoginGraceTime 600 |
| 17 | KeyRegenerationInterval 3600 |
| 18 | PermitRootLogin yes |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 19 | # |
| 20 | # Don't read ~/.rhosts and ~/.shosts files |
| 21 | IgnoreRhosts yes |
| 22 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication |
| 23 | #IgnoreUserKnownHosts yes |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 24 | StrictModes yes |
Damien Miller | 3226509 | 1999-11-12 11:33:04 +1100 | [diff] [blame] | 25 | X11Forwarding no |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 26 | X11DisplayOffset 10 |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 27 | PrintMotd yes |
Ben Lindstrom | 7bfff36 | 2001-03-26 05:45:53 +0000 | [diff] [blame] | 28 | #PrintLastLog no |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 29 | KeepAlive yes |
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 30 | |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 31 | # Logging |
Kevin Steves | 8ee4f69 | 2001-01-09 15:28:46 +0000 | [diff] [blame] | 32 | SyslogFacility AUTH |
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 33 | LogLevel INFO |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 34 | #obsoletes QuietMode and FascistLogging |
Damien Miller | 9ba3024 | 1999-11-11 21:07:00 +1100 | [diff] [blame] | 35 | |
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 36 | RhostsAuthentication no |
Damien Miller | 3226509 | 1999-11-12 11:33:04 +1100 | [diff] [blame] | 37 | # |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 38 | # For this to work you will also need host keys in /etc/ssh_known_hosts |
| 39 | RhostsRSAAuthentication no |
Ben Lindstrom | 5eabda3 | 2001-04-12 23:34:34 +0000 | [diff] [blame] | 40 | # similar for protocol version 2 |
| 41 | HostbasedAuthentication no |
Damien Miller | 3226509 | 1999-11-12 11:33:04 +1100 | [diff] [blame] | 42 | # |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 43 | RSAAuthentication yes |
| 44 | |
| 45 | # To disable tunneled clear text passwords, change to no here! |
| 46 | PasswordAuthentication yes |
| 47 | PermitEmptyPasswords no |
Damien Miller | 3380426 | 2001-02-04 23:20:18 +1100 | [diff] [blame] | 48 | |
Damien Miller | 1d66c16 | 2001-03-04 00:16:20 +1100 | [diff] [blame] | 49 | # Comment to enable s/key passwords or PAM interactive authentication |
Damien Miller | f85b4d7 | 2001-03-04 00:19:00 +1100 | [diff] [blame] | 50 | # NB. Neither of these are compiled in by default. Please read the |
| 51 | # notes in the sshd(8) manpage before enabling this on a PAM system. |
Damien Miller | 1d66c16 | 2001-03-04 00:16:20 +1100 | [diff] [blame] | 52 | ChallengeResponseAuthentication no |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 53 | |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 54 | # To change Kerberos options |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 55 | #KerberosAuthentication no |
| 56 | #KerberosOrLocalPasswd yes |
| 57 | #AFSTokenPassing no |
| 58 | #KerberosTicketCleanup no |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 59 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 60 | # Kerberos TGT Passing does only work with the AFS kaserver |
| 61 | #KerberosTgtPassing yes |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 62 | |
Kevin Steves | 8ee4f69 | 2001-01-09 15:28:46 +0000 | [diff] [blame] | 63 | #CheckMail yes |
Damien Miller | c30d35c | 2000-08-30 09:40:09 +1100 | [diff] [blame] | 64 | #UseLogin no |
Damien Miller | f6d9e22 | 2000-06-18 14:50:44 +1000 | [diff] [blame] | 65 | |
Damien Miller | 942da03 | 2000-08-18 13:59:06 +1000 | [diff] [blame] | 66 | #MaxStartups 10:30:60 |
Ben Lindstrom | 48bd7c1 | 2001-01-09 00:35:42 +0000 | [diff] [blame] | 67 | #Banner /etc/issue.net |
Damien Miller | 3380426 | 2001-02-04 23:20:18 +1100 | [diff] [blame] | 68 | #ReverseMappingCheck yes |
Ben Lindstrom | e9d0444 | 2001-02-10 23:26:35 +0000 | [diff] [blame] | 69 | |
| 70 | Subsystem sftp /usr/libexec/sftp-server |