blob: 41e3388da265eee2dac3f8c876eeec737e6a1095 [file] [log] [blame]
Damien Miller9f0f5c62001-12-21 14:45:46 +11001# $OpenBSD: sshd_config,v 1.43 2001/12/19 07:18:56 deraadt Exp $
Ben Lindstrom36579d32001-01-29 07:39:26 +00002
Tim Rice59ea0a02001-03-10 13:50:45 -08003# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
4
Damien Miller33804262001-02-04 23:20:18 +11005# This is the sshd server system-wide configuration file. See sshd(8)
6# for more information.
Damien Millerd4a8b7e1999-10-27 13:42:43 +10007
8Port 22
Damien Miller8bb73be2000-04-19 16:26:12 +10009#Protocol 2,1
Kevin Steves8ee4f692001-01-09 15:28:46 +000010#ListenAddress 0.0.0.0
Damien Miller34132e52000-01-14 15:45:46 +110011#ListenAddress ::
Ben Lindstromc4b72252001-06-09 01:09:51 +000012
13# HostKey for protocol version 1
Damien Miller886c63a2000-01-20 23:13:36 +110014HostKey /etc/ssh_host_key
Ben Lindstromc4b72252001-06-09 01:09:51 +000015# HostKeys for protocol version 2
Ben Lindstrom531a4452001-03-05 05:17:18 +000016HostKey /etc/ssh_host_rsa_key
Ben Lindstrom4b00c8b2001-03-05 06:05:35 +000017HostKey /etc/ssh_host_dsa_key
Ben Lindstromc4b72252001-06-09 01:09:51 +000018
19# Lifetime and size of ephemeral version 1 server key
Damien Millerd4a8b7e1999-10-27 13:42:43 +100020KeyRegenerationInterval 3600
Ben Lindstromc4b72252001-06-09 01:09:51 +000021ServerKeyBits 768
Damien Miller192bd011999-11-13 23:56:35 +110022
Damien Miller886c63a2000-01-20 23:13:36 +110023# Logging
Kevin Steves8ee4f692001-01-09 15:28:46 +000024SyslogFacility AUTH
Damien Miller192bd011999-11-13 23:56:35 +110025LogLevel INFO
Damien Miller886c63a2000-01-20 23:13:36 +110026#obsoletes QuietMode and FascistLogging
Damien Miller9ba30241999-11-11 21:07:00 +110027
Ben Lindstromc4b72252001-06-09 01:09:51 +000028# Authentication:
29
30LoginGraceTime 600
31PermitRootLogin yes
32StrictModes yes
33
Damien Millerd4a8b7e1999-10-27 13:42:43 +100034RSAAuthentication yes
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +000035PubkeyAuthentication yes
36#AuthorizedKeysFile %h/.ssh/authorized_keys
Damien Millerd4a8b7e1999-10-27 13:42:43 +100037
Ben Lindstromc4b72252001-06-09 01:09:51 +000038# rhosts authentication should not be used
39RhostsAuthentication no
40# Don't read the user's ~/.rhosts and ~/.shosts files
41IgnoreRhosts yes
42# For this to work you will also need host keys in /etc/ssh_known_hosts
43RhostsRSAAuthentication no
44# similar for protocol version 2
45HostbasedAuthentication no
46# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
47#IgnoreUserKnownHosts yes
48
Damien Millerd4a8b7e1999-10-27 13:42:43 +100049# To disable tunneled clear text passwords, change to no here!
50PasswordAuthentication yes
51PermitEmptyPasswords no
Damien Miller33804262001-02-04 23:20:18 +110052
Damien Miller9f0f5c62001-12-21 14:45:46 +110053# Uncomment to disable s/key passwords
Damien Millerf8154422001-04-25 22:44:14 +100054#ChallengeResponseAuthentication no
55
56# Uncomment to enable PAM keyboard-interactive authentication
57# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
58#PAMAuthenticationViaKbdInt yes
Damien Millerd4a8b7e1999-10-27 13:42:43 +100059
Damien Miller886c63a2000-01-20 23:13:36 +110060# To change Kerberos options
Damien Millerd4a8b7e1999-10-27 13:42:43 +100061#KerberosAuthentication no
62#KerberosOrLocalPasswd yes
63#AFSTokenPassing no
64#KerberosTicketCleanup no
Damien Miller886c63a2000-01-20 23:13:36 +110065
Damien Millerd4a8b7e1999-10-27 13:42:43 +100066# Kerberos TGT Passing does only work with the AFS kaserver
67#KerberosTgtPassing yes
Damien Miller886c63a2000-01-20 23:13:36 +110068
Ben Lindstromc4b72252001-06-09 01:09:51 +000069X11Forwarding no
70X11DisplayOffset 10
71PrintMotd yes
72#PrintLastLog no
73KeepAlive yes
Damien Millerc30d35c2000-08-30 09:40:09 +110074#UseLogin no
Damien Millerf6d9e222000-06-18 14:50:44 +100075
Damien Miller942da032000-08-18 13:59:06 +100076#MaxStartups 10:30:60
Ben Lindstrom48bd7c12001-01-09 00:35:42 +000077#Banner /etc/issue.net
Damien Miller33804262001-02-04 23:20:18 +110078#ReverseMappingCheck yes
Ben Lindstrome9d04442001-02-10 23:26:35 +000079
80Subsystem sftp /usr/libexec/sftp-server