source: hybrid/branches/releng-11/nanobsd/files/etc/ssh/sshd_config@ 13757

Last change on this file since 13757 was 13558, checked in by huub, 9 years ago

port 1022 standaard in configuratie sshd

File size: 3.6 KB
Line 
1# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
2# $FreeBSD: src/crypto/openssh/sshd_config,v 1.49.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $
3
4# This is the sshd server system-wide configuration file. See
5# sshd_config(5) for more information.
6
7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
8
9# The strategy used for options in the default sshd_config shipped with
10# OpenSSH is to specify options with their default value where
11# possible, but leave them commented. Uncommented options change a
12# default value.
13
14# Note that some of FreeBSD's defaults differ from OpenBSD's, and
15# FreeBSD has a few additional options.
16
17#VersionAddendum FreeBSD-20090522
18
19Port 22
20Port 1022
21#Protocol 2
22#AddressFamily any
23#ListenAddress 0.0.0.0
24#ListenAddress ::
25
26# Disable legacy (protocol version 1) support in the server for new
27# installations. In future the default will change to require explicit
28# activation of protocol 1
29Protocol 2
30
31# HostKey for protocol version 1
32#HostKey /etc/ssh/ssh_host_key
33# HostKeys for protocol version 2
34#HostKey /etc/ssh/ssh_host_rsa_key
35#HostKey /etc/ssh/ssh_host_dsa_key
36
37# Lifetime and size of ephemeral version 1 server key
38#KeyRegenerationInterval 1h
39#ServerKeyBits 1024
40
41# Logging
42# obsoletes QuietMode and FascistLogging
43#SyslogFacility AUTH
44#LogLevel INFO
45
46# Authentication:
47
48#LoginGraceTime 2m
49PermitRootLogin yes
50#StrictModes yes
51#MaxAuthTries 6
52#MaxSessions 10
53
54#RSAAuthentication yes
55#PubkeyAuthentication yes
56#AuthorizedKeysFile .ssh/authorized_keys
57AuthorizedKeysFile /etc/ssh/authorized_keys
58
59# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
60#RhostsRSAAuthentication no
61# similar for protocol version 2
62#HostbasedAuthentication no
63# Change to yes if you don't trust ~/.ssh/known_hosts for
64# RhostsRSAAuthentication and HostbasedAuthentication
65#IgnoreUserKnownHosts no
66# Don't read the user's ~/.rhosts and ~/.shosts files
67#IgnoreRhosts yes
68
69# Change to yes to enable built-in password authentication.
70#PasswordAuthentication no
71#PermitEmptyPasswords no
72
73# Change to no to disable PAM authentication
74#ChallengeResponseAuthentication yes
75
76# Kerberos options
77#KerberosAuthentication no
78#KerberosOrLocalPasswd yes
79#KerberosTicketCleanup yes
80#KerberosGetAFSToken no
81
82# GSSAPI options
83#GSSAPIAuthentication no
84#GSSAPICleanupCredentials yes
85
86# Set this to 'no' to disable PAM authentication, account processing,
87# and session processing. If this is enabled, PAM authentication will
88# be allowed through the ChallengeResponseAuthentication and
89# PasswordAuthentication. Depending on your PAM configuration,
90# PAM authentication via ChallengeResponseAuthentication may bypass
91PermitRootLogin yes
92# If you just want the PAM account and session checks to run without
93# PAM authentication, then enable this but set PasswordAuthentication
94# and ChallengeResponseAuthentication to 'no'.
95#UsePAM yes
96
97#AllowAgentForwarding yes
98#AllowTcpForwarding yes
99#GatewayPorts no
100#X11Forwarding yes
101#X11DisplayOffset 10
102#X11UseLocalhost yes
103#PrintMotd yes
104#PrintLastLog yes
105#TCPKeepAlive yes
106#UseLogin no
107#UsePrivilegeSeparation yes
108#PermitUserEnvironment no
109#Compression delayed
110#ClientAliveInterval 0
111#ClientAliveCountMax 3
112UseDNS no
113#PidFile /var/run/sshd.pid
114#MaxStartups 10
115#PermitTunnel no
116#ChrootDirectory none
117
118# no default banner path
119#Banner none
120
121# override default of no subsystems
122Subsystem sftp /usr/libexec/sftp-server
123
124# Example of overriding settings on a per-user basis
125#Match User anoncvs
126# X11Forwarding no
127# AllowTcpForwarding no
128# ForceCommand cvs server
129
130Banner /etc/ssh/ssh-external-banner
131PasswordAuthentication no
132Match address 172.16.0.0/12
133Banner /etc/ssh/ssh-internal-banner
134PasswordAuthentication yes
135
Note: See TracBrowser for help on using the repository browser.