blob: fda1456e6818c486a10e49ffde3fbc41ac7805a5 [file] [log] [blame]
Ben Lindstrombdc2beb2001-04-16 02:11:52 +00001# $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $
Ben Lindstrom36579d32001-01-29 07:39:26 +00002
Tim Rice59ea0a02001-03-10 13:50:45 -08003# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
4
Damien Miller33804262001-02-04 23:20:18 +11005# This is the sshd server system-wide configuration file. See sshd(8)
6# for more information.
Damien Millerd4a8b7e1999-10-27 13:42:43 +10007
8Port 22
Damien Miller8bb73be2000-04-19 16:26:12 +10009#Protocol 2,1
Kevin Steves8ee4f692001-01-09 15:28:46 +000010#ListenAddress 0.0.0.0
Damien Miller34132e52000-01-14 15:45:46 +110011#ListenAddress ::
Damien Miller886c63a2000-01-20 23:13:36 +110012HostKey /etc/ssh_host_key
Ben Lindstrom531a4452001-03-05 05:17:18 +000013HostKey /etc/ssh_host_rsa_key
Ben Lindstrom4b00c8b2001-03-05 06:05:35 +000014HostKey /etc/ssh_host_dsa_key
Damien Millerd4a8b7e1999-10-27 13:42:43 +100015ServerKeyBits 768
16LoginGraceTime 600
17KeyRegenerationInterval 3600
18PermitRootLogin yes
Damien Miller886c63a2000-01-20 23:13:36 +110019#
20# Don't read ~/.rhosts and ~/.shosts files
21IgnoreRhosts yes
22# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
23#IgnoreUserKnownHosts yes
Damien Millerd4a8b7e1999-10-27 13:42:43 +100024StrictModes yes
Damien Miller32265091999-11-12 11:33:04 +110025X11Forwarding no
Damien Millerd4a8b7e1999-10-27 13:42:43 +100026X11DisplayOffset 10
Damien Millerd4a8b7e1999-10-27 13:42:43 +100027PrintMotd yes
Ben Lindstrom7bfff362001-03-26 05:45:53 +000028#PrintLastLog no
Damien Millerd4a8b7e1999-10-27 13:42:43 +100029KeepAlive yes
Damien Miller192bd011999-11-13 23:56:35 +110030
Damien Miller886c63a2000-01-20 23:13:36 +110031# Logging
Kevin Steves8ee4f692001-01-09 15:28:46 +000032SyslogFacility AUTH
Damien Miller192bd011999-11-13 23:56:35 +110033LogLevel INFO
Damien Miller886c63a2000-01-20 23:13:36 +110034#obsoletes QuietMode and FascistLogging
Damien Miller9ba30241999-11-11 21:07:00 +110035
Damien Miller192bd011999-11-13 23:56:35 +110036RhostsAuthentication no
Damien Miller32265091999-11-12 11:33:04 +110037#
Damien Miller886c63a2000-01-20 23:13:36 +110038# For this to work you will also need host keys in /etc/ssh_known_hosts
39RhostsRSAAuthentication no
Ben Lindstrom5eabda32001-04-12 23:34:34 +000040# similar for protocol version 2
41HostbasedAuthentication no
Damien Miller32265091999-11-12 11:33:04 +110042#
Damien Millerd4a8b7e1999-10-27 13:42:43 +100043RSAAuthentication yes
44
45# To disable tunneled clear text passwords, change to no here!
46PasswordAuthentication yes
47PermitEmptyPasswords no
Damien Miller33804262001-02-04 23:20:18 +110048
Damien Miller1d66c162001-03-04 00:16:20 +110049# Comment to enable s/key passwords or PAM interactive authentication
Damien Millerf85b4d72001-03-04 00:19:00 +110050# NB. Neither of these are compiled in by default. Please read the
51# notes in the sshd(8) manpage before enabling this on a PAM system.
Damien Miller1d66c162001-03-04 00:16:20 +110052ChallengeResponseAuthentication no
Damien Millerd4a8b7e1999-10-27 13:42:43 +100053
Damien Miller886c63a2000-01-20 23:13:36 +110054# To change Kerberos options
Damien Millerd4a8b7e1999-10-27 13:42:43 +100055#KerberosAuthentication no
56#KerberosOrLocalPasswd yes
57#AFSTokenPassing no
58#KerberosTicketCleanup no
Damien Miller886c63a2000-01-20 23:13:36 +110059
Damien Millerd4a8b7e1999-10-27 13:42:43 +100060# Kerberos TGT Passing does only work with the AFS kaserver
61#KerberosTgtPassing yes
Damien Miller886c63a2000-01-20 23:13:36 +110062
Kevin Steves8ee4f692001-01-09 15:28:46 +000063#CheckMail yes
Damien Millerc30d35c2000-08-30 09:40:09 +110064#UseLogin no
Damien Millerf6d9e222000-06-18 14:50:44 +100065
Damien Miller942da032000-08-18 13:59:06 +100066#MaxStartups 10:30:60
Ben Lindstrom48bd7c12001-01-09 00:35:42 +000067#Banner /etc/issue.net
Damien Miller33804262001-02-04 23:20:18 +110068#ReverseMappingCheck yes
Ben Lindstrome9d04442001-02-10 23:26:35 +000069
70Subsystem sftp /usr/libexec/sftp-server