Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 1 | # This is ssh server systemwide configuration file. |
| 2 | |
| 3 | Port 22 |
| 4 | ListenAddress 0.0.0.0 |
Damien Miller | 34132e5 | 2000-01-14 15:45:46 +1100 | [diff] [blame^] | 5 | #ListenAddress :: |
Damien Miller | c0d7390 | 1999-12-27 09:23:58 +1100 | [diff] [blame] | 6 | HostKey @sysconfdir@/ssh_host_key |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 7 | ServerKeyBits 768 |
| 8 | LoginGraceTime 600 |
| 9 | KeyRegenerationInterval 3600 |
| 10 | PermitRootLogin yes |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 11 | StrictModes yes |
Damien Miller | 3226509 | 1999-11-12 11:33:04 +1100 | [diff] [blame] | 12 | X11Forwarding no |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 13 | X11DisplayOffset 10 |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 14 | PrintMotd yes |
| 15 | KeepAlive yes |
Damien Miller | 9ba3024 | 1999-11-11 21:07:00 +1100 | [diff] [blame] | 16 | CheckMail no |
| 17 | UseLogin no |
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 18 | |
| 19 | # |
| 20 | # Loglevel replaces QuietMode and FascistLogging |
| 21 | # |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 22 | SyslogFacility AUTH |
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 23 | LogLevel INFO |
Damien Miller | 9ba3024 | 1999-11-11 21:07:00 +1100 | [diff] [blame] | 24 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 25 | # |
Damien Miller | a37010e | 1999-10-29 09:18:29 +1000 | [diff] [blame] | 26 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 27 | # |
Damien Miller | 9ba3024 | 1999-11-11 21:07:00 +1100 | [diff] [blame] | 28 | RhostsRSAAuthentication no |
| 29 | |
Damien Miller | 3226509 | 1999-11-12 11:33:04 +1100 | [diff] [blame] | 30 | # |
| 31 | # Don't read ~/.rhosts and ~/.shosts files |
| 32 | # |
| 33 | IgnoreRhosts yes |
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 34 | RhostsAuthentication no |
Damien Miller | 3226509 | 1999-11-12 11:33:04 +1100 | [diff] [blame] | 35 | |
| 36 | # |
| 37 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication |
| 38 | # |
| 39 | #IgnoreUserKnownHosts yes |
| 40 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 41 | RSAAuthentication yes |
| 42 | |
| 43 | # To disable tunneled clear text passwords, change to no here! |
| 44 | PasswordAuthentication yes |
| 45 | PermitEmptyPasswords no |
Damien Miller | 9ba3024 | 1999-11-11 21:07:00 +1100 | [diff] [blame] | 46 | |
| 47 | # |
| 48 | # Uncomment to disable s/key passwords (must be compiled with s/key support) |
| 49 | # |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 50 | #SkeyAuthentication no |
| 51 | |
Damien Miller | 9ba3024 | 1999-11-11 21:07:00 +1100 | [diff] [blame] | 52 | # |
| 53 | # To change Kerberos options (must be compiled with Kerberos support) |
| 54 | # |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 55 | #KerberosAuthentication no |
| 56 | #KerberosOrLocalPasswd yes |
| 57 | #AFSTokenPassing no |
| 58 | #KerberosTicketCleanup no |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 59 | # Kerberos TGT Passing does only work with the AFS kaserver |
| 60 | #KerberosTgtPassing yes |