blob: 8f7f0e492e3f988bc6b6c533fbf1ef2ee2f05f3f [file] [log] [blame]
Damien Miller05eda432002-02-10 18:32:28 +11001# $OpenBSD: sshd_config,v 1.47 2002/02/09 17:37:34 deraadt Exp $
Tim Rice59ea0a02001-03-10 13:50:45 -08002
Damien Miller33804262001-02-04 23:20:18 +11003# This is the sshd server system-wide configuration file. See sshd(8)
4# for more information.
Damien Millerd4a8b7e1999-10-27 13:42:43 +10005
Tim Rice1e2c6002002-01-30 22:14:03 -08006# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
7
Damien Miller95ca7e92002-02-19 15:29:02 +11008# The strategy used for options in the default sshd_config shipped with
Damien Miller2bec5c12002-01-22 23:32:07 +11009# OpenSSH is to specify options with their default value where
10# possible, but leave them commented. Uncommented options change a
11# default value.
12
13#Port 22
Damien Miller8bb73be2000-04-19 16:26:12 +100014#Protocol 2,1
Kevin Steves8ee4f692001-01-09 15:28:46 +000015#ListenAddress 0.0.0.0
Damien Miller34132e52000-01-14 15:45:46 +110016#ListenAddress ::
Ben Lindstromc4b72252001-06-09 01:09:51 +000017
18# HostKey for protocol version 1
Damien Miller05eda432002-02-10 18:32:28 +110019#HostKey /etc/ssh/ssh_host_key
Ben Lindstromc4b72252001-06-09 01:09:51 +000020# HostKeys for protocol version 2
Damien Miller05eda432002-02-10 18:32:28 +110021#HostKey /etc/ssh/ssh_host_rsa_key
22#HostKey /etc/ssh/ssh_host_dsa_key
Ben Lindstromc4b72252001-06-09 01:09:51 +000023
24# Lifetime and size of ephemeral version 1 server key
Damien Miller2bec5c12002-01-22 23:32:07 +110025#KeyRegenerationInterval 3600
26#ServerKeyBits 768
Damien Miller192bd011999-11-13 23:56:35 +110027
Damien Miller886c63a2000-01-20 23:13:36 +110028# Logging
Damien Miller886c63a2000-01-20 23:13:36 +110029#obsoletes QuietMode and FascistLogging
Damien Miller2bec5c12002-01-22 23:32:07 +110030#SyslogFacility AUTH
31#LogLevel INFO
Damien Miller9ba30241999-11-11 21:07:00 +110032
Ben Lindstromc4b72252001-06-09 01:09:51 +000033# Authentication:
34
Damien Miller2bec5c12002-01-22 23:32:07 +110035#LoginGraceTime 600
36#PermitRootLogin yes
37#StrictModes yes
Ben Lindstromc4b72252001-06-09 01:09:51 +000038
Damien Miller2bec5c12002-01-22 23:32:07 +110039#RSAAuthentication yes
40#PubkeyAuthentication yes
41#AuthorizedKeysFile .ssh/authorized_keys
Damien Millerd4a8b7e1999-10-27 13:42:43 +100042
Ben Lindstromc4b72252001-06-09 01:09:51 +000043# rhosts authentication should not be used
Damien Miller2bec5c12002-01-22 23:32:07 +110044#RhostsAuthentication no
Ben Lindstromc4b72252001-06-09 01:09:51 +000045# Don't read the user's ~/.rhosts and ~/.shosts files
Damien Miller2bec5c12002-01-22 23:32:07 +110046#IgnoreRhosts yes
Damien Miller05eda432002-02-10 18:32:28 +110047# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
Damien Miller2bec5c12002-01-22 23:32:07 +110048#RhostsRSAAuthentication no
Ben Lindstromc4b72252001-06-09 01:09:51 +000049# similar for protocol version 2
Damien Miller2bec5c12002-01-22 23:32:07 +110050#HostbasedAuthentication no
51# Change to yes if you don't trust ~/.ssh/known_hosts for
52# RhostsRSAAuthentication and HostbasedAuthentication
53#IgnoreUserKnownHosts no
Ben Lindstromc4b72252001-06-09 01:09:51 +000054
Damien Millerd4a8b7e1999-10-27 13:42:43 +100055# To disable tunneled clear text passwords, change to no here!
Damien Miller2bec5c12002-01-22 23:32:07 +110056#PasswordAuthentication yes
57#PermitEmptyPasswords no
Damien Miller33804262001-02-04 23:20:18 +110058
Damien Miller2bec5c12002-01-22 23:32:07 +110059# Change to no to disable s/key passwords
60#ChallengeResponseAuthentication yes
Damien Millerf8154422001-04-25 22:44:14 +100061
Damien Miller2bec5c12002-01-22 23:32:07 +110062# Kerberos options
63# KerberosAuthentication automatically enabled if keyfile exists
64#KerberosAuthentication yes
65#KerberosOrLocalPasswd yes
66#KerberosTicketCleanup yes
67
68# AFSTokenPassing automatically enabled if k_hasafs() is true
69#AFSTokenPassing yes
70
71# Kerberos TGT Passing only works with the AFS kaserver
72#KerberosTgtPassing no
73
74# Set this to 'yes' to enable PAM keyboard-interactive authentication
Damien Millerf8154422001-04-25 22:44:14 +100075# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
76#PAMAuthenticationViaKbdInt yes
Damien Millerd4a8b7e1999-10-27 13:42:43 +100077
Damien Miller2bec5c12002-01-22 23:32:07 +110078#X11Forwarding no
79#X11DisplayOffset 10
Damien Miller95c249f2002-02-05 12:11:34 +110080#X11UseLocalhost yes
Damien Miller2bec5c12002-01-22 23:32:07 +110081#PrintMotd yes
82#PrintLastLog yes
83#KeepAlive yes
Damien Millerc30d35c2000-08-30 09:40:09 +110084#UseLogin no
Damien Millerf6d9e222000-06-18 14:50:44 +100085
Damien Miller2bec5c12002-01-22 23:32:07 +110086#MaxStartups 10
87# no default banner path
88#Banner /some/path
Damien Millerc5d86352002-02-05 12:13:41 +110089#VerifyReverseMapping no
Ben Lindstrome9d04442001-02-10 23:26:35 +000090
Damien Miller2bec5c12002-01-22 23:32:07 +110091# override default of no subsystems
Ben Lindstrome9d04442001-02-10 23:26:35 +000092Subsystem sftp /usr/libexec/sftp-server