Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 1 | # This is ssh server systemwide configuration file. |
| 2 | |
| 3 | Port 22 |
Damien Miller | 8bb73be | 2000-04-19 16:26:12 +1000 | [diff] [blame] | 4 | #Protocol 2,1 |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 5 | ListenAddress 0.0.0.0 |
Damien Miller | 34132e5 | 2000-01-14 15:45:46 +1100 | [diff] [blame] | 6 | #ListenAddress :: |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 7 | HostKey /etc/ssh_host_key |
Damien Miller | 0bc1bd8 | 2000-11-13 22:57:25 +1100 | [diff] [blame] | 8 | HostKey /etc/ssh_host_rsa_key |
| 9 | HostKey /etc/ssh_host_dsa_key |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 10 | ServerKeyBits 768 |
| 11 | LoginGraceTime 600 |
| 12 | KeyRegenerationInterval 3600 |
| 13 | PermitRootLogin yes |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 14 | # |
| 15 | # Don't read ~/.rhosts and ~/.shosts files |
| 16 | IgnoreRhosts yes |
| 17 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication |
| 18 | #IgnoreUserKnownHosts yes |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 19 | StrictModes yes |
Damien Miller | 3226509 | 1999-11-12 11:33:04 +1100 | [diff] [blame] | 20 | X11Forwarding no |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 21 | X11DisplayOffset 10 |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 22 | PrintMotd yes |
| 23 | KeepAlive yes |
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 24 | |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 25 | # Logging |
Damien Miller | 6dbfef6 | 2000-11-29 13:51:06 +1100 | [diff] [blame] | 26 | SyslogFacility AUTHPRIV |
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 27 | LogLevel INFO |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 28 | #obsoletes QuietMode and FascistLogging |
Damien Miller | 9ba3024 | 1999-11-11 21:07:00 +1100 | [diff] [blame] | 29 | |
Damien Miller | 192bd01 | 1999-11-13 23:56:35 +1100 | [diff] [blame] | 30 | RhostsAuthentication no |
Damien Miller | 3226509 | 1999-11-12 11:33:04 +1100 | [diff] [blame] | 31 | # |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 32 | # For this to work you will also need host keys in /etc/ssh_known_hosts |
| 33 | RhostsRSAAuthentication no |
Damien Miller | 3226509 | 1999-11-12 11:33:04 +1100 | [diff] [blame] | 34 | # |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 35 | RSAAuthentication yes |
| 36 | |
| 37 | # To disable tunneled clear text passwords, change to no here! |
| 38 | PasswordAuthentication yes |
| 39 | PermitEmptyPasswords no |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 40 | # Uncomment to disable s/key passwords |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 41 | #SkeyAuthentication no |
Damien Miller | 874d77b | 2000-10-14 16:23:11 +1100 | [diff] [blame] | 42 | #KbdInteractiveAuthentication yes |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 43 | |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 44 | # To change Kerberos options |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 45 | #KerberosAuthentication no |
| 46 | #KerberosOrLocalPasswd yes |
| 47 | #AFSTokenPassing no |
| 48 | #KerberosTicketCleanup no |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 49 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 50 | # Kerberos TGT Passing does only work with the AFS kaserver |
| 51 | #KerberosTgtPassing yes |
Damien Miller | 886c63a | 2000-01-20 23:13:36 +1100 | [diff] [blame] | 52 | |
| 53 | CheckMail no |
Damien Miller | c30d35c | 2000-08-30 09:40:09 +1100 | [diff] [blame] | 54 | #UseLogin no |
Damien Miller | f6d9e22 | 2000-06-18 14:50:44 +1000 | [diff] [blame] | 55 | |
Damien Miller | 7b28dc5 | 2000-09-05 13:34:53 +1100 | [diff] [blame] | 56 | # Uncomment if you want to enable sftp |
| 57 | #Subsystem sftp /usr/libexec/sftp-server |
Damien Miller | 942da03 | 2000-08-18 13:59:06 +1000 | [diff] [blame] | 58 | #MaxStartups 10:30:60 |