Damien Miller | 9f0f5c6 | 2001-12-21 14:45:46 +1100 | [diff] [blame] | 1 | # $OpenBSD: sshd_config,v 1.43 2001/12/19 07:18:56 deraadt Exp $ |
Ben Lindstrom | 36579d3 | 2001-01-29 07:39:26 +0000 | [diff] [blame] | 2 | |
Tim Rice | 59ea0a0 | 2001-03-10 13:50:45 -0800 | [diff] [blame] | 3 | # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin |
| 4 | |
Damien Miller | 3380426 | 2001-02-04 23:20:18 +1100 | [diff] [blame] | 5 | # This is the sshd server system-wide configuration file. See sshd(8) |
| 6 | # for more information. |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 7 | |
| 8 | Port 22 |
Damien Miller | 8bb73be | 2000-04-19 16:26:12 +1000 | [diff] [blame] | 9 | #Protocol 2,1 |
Kevin Steves | 8ee4f69 | 2001-01-09 15:28:46 +0000 | [diff] [blame] | 10 | #ListenAddress 0.0.0.0 |
Damien Miller | 34132e5 | 2000-01-14 15:45:46 +1100 | [diff] [blame] | 11 | #ListenAddress :: |
Ben Lindstrom | c4b7225 | 2001-06-09 01:09:51 +0000 | [diff] [blame] | 12 | |
| 13 | # HostKey for protocol version 1 |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 14 | HostKey /etc/ssh_host_key |
Ben Lindstrom | c4b7225 | 2001-06-09 01:09:51 +0000 | [diff] [blame] | 15 | # HostKeys for protocol version 2 |
Ben Lindstrom | 531a445 | 2001-03-05 05:17:18 +0000 | [diff] [blame] | 16 | HostKey /etc/ssh_host_rsa_key |
Ben Lindstrom | 4b00c8b | 2001-03-05 06:05:35 +0000 | [diff] [blame] | 17 | HostKey /etc/ssh_host_dsa_key |
Ben Lindstrom | c4b7225 | 2001-06-09 01:09:51 +0000 | [diff] [blame] | 18 | |
| 19 | # Lifetime and size of ephemeral version 1 server key |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 20 | KeyRegenerationInterval 3600 |
Ben Lindstrom | c4b7225 | 2001-06-09 01:09:51 +0000 | [diff] [blame] | 21 | ServerKeyBits 768 |
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 22 | |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 23 | # Logging |
Kevin Steves | 8ee4f69 | 2001-01-09 15:28:46 +0000 | [diff] [blame] | 24 | SyslogFacility AUTH |
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 25 | LogLevel INFO |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 26 | #obsoletes QuietMode and FascistLogging |
Damien Miller | 9ba3024 | 1999-11-11 21:07:00 +1100 | [diff] [blame] | 27 | |
Ben Lindstrom | c4b7225 | 2001-06-09 01:09:51 +0000 | [diff] [blame] | 28 | # Authentication: |
| 29 | |
| 30 | LoginGraceTime 600 |
| 31 | PermitRootLogin yes |
| 32 | StrictModes yes |
| 33 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 34 | RSAAuthentication yes |
Ben Lindstrom | bfb3a0e | 2001-06-05 20:25:05 +0000 | [diff] [blame] | 35 | PubkeyAuthentication yes |
| 36 | #AuthorizedKeysFile %h/.ssh/authorized_keys |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 37 | |
Ben Lindstrom | c4b7225 | 2001-06-09 01:09:51 +0000 | [diff] [blame] | 38 | # rhosts authentication should not be used |
| 39 | RhostsAuthentication no |
| 40 | # Don't read the user's ~/.rhosts and ~/.shosts files |
| 41 | IgnoreRhosts yes |
| 42 | # For this to work you will also need host keys in /etc/ssh_known_hosts |
| 43 | RhostsRSAAuthentication no |
| 44 | # similar for protocol version 2 |
| 45 | HostbasedAuthentication no |
| 46 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication |
| 47 | #IgnoreUserKnownHosts yes |
| 48 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 49 | # To disable tunneled clear text passwords, change to no here! |
| 50 | PasswordAuthentication yes |
| 51 | PermitEmptyPasswords no |
Damien Miller | 3380426 | 2001-02-04 23:20:18 +1100 | [diff] [blame] | 52 | |
Damien Miller | 9f0f5c6 | 2001-12-21 14:45:46 +1100 | [diff] [blame] | 53 | # Uncomment to disable s/key passwords |
Damien Miller | f815442 | 2001-04-25 22:44:14 +1000 | [diff] [blame] | 54 | #ChallengeResponseAuthentication no |
| 55 | |
| 56 | # Uncomment to enable PAM keyboard-interactive authentication |
| 57 | # Warning: enabling this may bypass the setting of 'PasswordAuthentication' |
| 58 | #PAMAuthenticationViaKbdInt yes |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 59 | |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 60 | # To change Kerberos options |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 61 | #KerberosAuthentication no |
| 62 | #KerberosOrLocalPasswd yes |
| 63 | #AFSTokenPassing no |
| 64 | #KerberosTicketCleanup no |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 65 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 66 | # Kerberos TGT Passing does only work with the AFS kaserver |
| 67 | #KerberosTgtPassing yes |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 68 | |
Ben Lindstrom | c4b7225 | 2001-06-09 01:09:51 +0000 | [diff] [blame] | 69 | X11Forwarding no |
| 70 | X11DisplayOffset 10 |
| 71 | PrintMotd yes |
| 72 | #PrintLastLog no |
| 73 | KeepAlive yes |
Damien Miller | c30d35c | 2000-08-30 09:40:09 +1100 | [diff] [blame] | 74 | #UseLogin no |
Damien Miller | f6d9e22 | 2000-06-18 14:50:44 +1000 | [diff] [blame] | 75 | |
Damien Miller | 942da03 | 2000-08-18 13:59:06 +1000 | [diff] [blame] | 76 | #MaxStartups 10:30:60 |
Ben Lindstrom | 48bd7c1 | 2001-01-09 00:35:42 +0000 | [diff] [blame] | 77 | #Banner /etc/issue.net |
Damien Miller | 3380426 | 2001-02-04 23:20:18 +1100 | [diff] [blame] | 78 | #ReverseMappingCheck yes |
Ben Lindstrom | e9d0444 | 2001-02-10 23:26:35 +0000 | [diff] [blame] | 79 | |
| 80 | Subsystem sftp /usr/libexec/sftp-server |