Ben Lindstrom | e9d0444 | 2001-02-10 23:26:35 +0000 | [diff] [blame] | 1 | # $OpenBSD: sshd_config,v 1.32 2001/02/06 22:07:50 deraadt Exp $ |
Ben Lindstrom | 36579d3 | 2001-01-29 07:39:26 +0000 | [diff] [blame] | 2 | |
Damien Miller | 3380426 | 2001-02-04 23:20:18 +1100 | [diff] [blame] | 3 | # This is the sshd server system-wide configuration file. See sshd(8) |
4 | # for more information. | ||||
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 5 | |
6 | Port 22 | ||||
Damien Miller | 8bb73be | 2000-04-19 16:26:12 +1000 | [diff] [blame] | 7 | #Protocol 2,1 |
Kevin Steves | 8ee4f69 | 2001-01-09 15:28:46 +0000 | [diff] [blame] | 8 | #ListenAddress 0.0.0.0 |
Damien Miller | 34132e5 | 2000-01-14 15:45:46 +1100 | [diff] [blame] | 9 | #ListenAddress :: |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 10 | HostKey /etc/ssh_host_key |
Damien Miller | 0bc1bd8 | 2000-11-13 22:57:25 +1100 | [diff] [blame] | 11 | HostKey /etc/ssh_host_dsa_key |
Kevin Steves | 8ee4f69 | 2001-01-09 15:28:46 +0000 | [diff] [blame] | 12 | #HostKey /etc/ssh_host_rsa_key |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 13 | ServerKeyBits 768 |
14 | LoginGraceTime 600 | ||||
15 | KeyRegenerationInterval 3600 | ||||
16 | PermitRootLogin yes | ||||
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 17 | # |
18 | # Don't read ~/.rhosts and ~/.shosts files | ||||
19 | IgnoreRhosts yes | ||||
20 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication | ||||
21 | #IgnoreUserKnownHosts yes | ||||
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 22 | StrictModes yes |
Damien Miller | 3226509 | 1999-11-12 11:33:04 +1100 | [diff] [blame] | 23 | X11Forwarding no |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 24 | X11DisplayOffset 10 |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 25 | PrintMotd yes |
26 | KeepAlive yes | ||||
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 27 | |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 28 | # Logging |
Kevin Steves | 8ee4f69 | 2001-01-09 15:28:46 +0000 | [diff] [blame] | 29 | SyslogFacility AUTH |
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 30 | LogLevel INFO |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 31 | #obsoletes QuietMode and FascistLogging |
Damien Miller | 9ba3024 | 1999-11-11 21:07:00 +1100 | [diff] [blame] | 32 | |
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 33 | RhostsAuthentication no |
Damien Miller | 3226509 | 1999-11-12 11:33:04 +1100 | [diff] [blame] | 34 | # |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 35 | # For this to work you will also need host keys in /etc/ssh_known_hosts |
36 | RhostsRSAAuthentication no | ||||
Damien Miller | 3226509 | 1999-11-12 11:33:04 +1100 | [diff] [blame] | 37 | # |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 38 | RSAAuthentication yes |
39 | |||||
40 | # To disable tunneled clear text passwords, change to no here! | ||||
41 | PasswordAuthentication yes | ||||
42 | PermitEmptyPasswords no | ||||
Damien Miller | 3380426 | 2001-02-04 23:20:18 +1100 | [diff] [blame] | 43 | |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 44 | # Uncomment to disable s/key passwords |
Ben Lindstrom | e9d0444 | 2001-02-10 23:26:35 +0000 | [diff] [blame] | 45 | #ChallengeResponseAuthentication no |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 46 | |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 47 | # To change Kerberos options |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 48 | #KerberosAuthentication no |
49 | #KerberosOrLocalPasswd yes | ||||
50 | #AFSTokenPassing no | ||||
51 | #KerberosTicketCleanup no | ||||
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 52 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 53 | # Kerberos TGT Passing does only work with the AFS kaserver |
54 | #KerberosTgtPassing yes | ||||
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 55 | |
Kevin Steves | 8ee4f69 | 2001-01-09 15:28:46 +0000 | [diff] [blame] | 56 | #CheckMail yes |
Damien Miller | c30d35c | 2000-08-30 09:40:09 +1100 | [diff] [blame] | 57 | #UseLogin no |
Damien Miller | f6d9e22 | 2000-06-18 14:50:44 +1000 | [diff] [blame] | 58 | |
Damien Miller | 942da03 | 2000-08-18 13:59:06 +1000 | [diff] [blame] | 59 | #MaxStartups 10:30:60 |
Ben Lindstrom | 48bd7c1 | 2001-01-09 00:35:42 +0000 | [diff] [blame] | 60 | #Banner /etc/issue.net |
Damien Miller | 3380426 | 2001-02-04 23:20:18 +1100 | [diff] [blame] | 61 | #ReverseMappingCheck yes |
Ben Lindstrom | e9d0444 | 2001-02-10 23:26:35 +0000 | [diff] [blame] | 62 | |
63 | Subsystem sftp /usr/libexec/sftp-server |