source: hybrid/branches/releng-9.0/nanobsd/files/etc/ssh/sshd_config@ 10446

Last change on this file since 10446 was 10445, checked in by rick, 13 years ago

Storing the AuthorizedKeys file globally is not safer, but way easier in maintenance.

File size: 3.5 KB
Line 
1# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
2# $FreeBSD: src/crypto/openssh/sshd_config,v 1.49.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $
3
4# This is the sshd server system-wide configuration file. See
5# sshd_config(5) for more information.
6
7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
8
9# The strategy used for options in the default sshd_config shipped with
10# OpenSSH is to specify options with their default value where
11# possible, but leave them commented. Uncommented options change a
12# default value.
13
14# Note that some of FreeBSD's defaults differ from OpenBSD's, and
15# FreeBSD has a few additional options.
16
17#VersionAddendum FreeBSD-20090522
18
19#Port 22
20#Protocol 2
21#AddressFamily any
22#ListenAddress 0.0.0.0
23#ListenAddress ::
24
25# Disable legacy (protocol version 1) support in the server for new
26# installations. In future the default will change to require explicit
27# activation of protocol 1
28Protocol 2
29
30# HostKey for protocol version 1
31#HostKey /etc/ssh/ssh_host_key
32# HostKeys for protocol version 2
33#HostKey /etc/ssh/ssh_host_rsa_key
34#HostKey /etc/ssh/ssh_host_dsa_key
35
36# Lifetime and size of ephemeral version 1 server key
37#KeyRegenerationInterval 1h
38#ServerKeyBits 1024
39
40# Logging
41# obsoletes QuietMode and FascistLogging
42#SyslogFacility AUTH
43#LogLevel INFO
44
45# Authentication:
46
47#LoginGraceTime 2m
48PermitRootLogin yes
49#StrictModes yes
50#MaxAuthTries 6
51#MaxSessions 10
52
53#RSAAuthentication yes
54#PubkeyAuthentication yes
55#AuthorizedKeysFile .ssh/authorized_keys
56AuthorizedKeysFile /etc/ssh/authorized_keys
57
58# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
59#RhostsRSAAuthentication no
60# similar for protocol version 2
61#HostbasedAuthentication no
62# Change to yes if you don't trust ~/.ssh/known_hosts for
63# RhostsRSAAuthentication and HostbasedAuthentication
64#IgnoreUserKnownHosts no
65# Don't read the user's ~/.rhosts and ~/.shosts files
66#IgnoreRhosts yes
67
68# Change to yes to enable built-in password authentication.
69#PasswordAuthentication no
70#PermitEmptyPasswords no
71
72# Change to no to disable PAM authentication
73#ChallengeResponseAuthentication yes
74
75# Kerberos options
76#KerberosAuthentication no
77#KerberosOrLocalPasswd yes
78#KerberosTicketCleanup yes
79#KerberosGetAFSToken no
80
81# GSSAPI options
82#GSSAPIAuthentication no
83#GSSAPICleanupCredentials yes
84
85# Set this to 'no' to disable PAM authentication, account processing,
86# and session processing. If this is enabled, PAM authentication will
87# be allowed through the ChallengeResponseAuthentication and
88# PasswordAuthentication. Depending on your PAM configuration,
89# PAM authentication via ChallengeResponseAuthentication may bypass
90PermitRootLogin yes
91# If you just want the PAM account and session checks to run without
92# PAM authentication, then enable this but set PasswordAuthentication
93# and ChallengeResponseAuthentication to 'no'.
94#UsePAM yes
95
96#AllowAgentForwarding yes
97#AllowTcpForwarding yes
98#GatewayPorts no
99#X11Forwarding yes
100#X11DisplayOffset 10
101#X11UseLocalhost yes
102#PrintMotd yes
103#PrintLastLog yes
104#TCPKeepAlive yes
105#UseLogin no
106#UsePrivilegeSeparation yes
107#PermitUserEnvironment no
108#Compression delayed
109#ClientAliveInterval 0
110#ClientAliveCountMax 3
111UseDNS no
112#PidFile /var/run/sshd.pid
113#MaxStartups 10
114#PermitTunnel no
115#ChrootDirectory none
116
117# no default banner path
118#Banner none
119
120# override default of no subsystems
121Subsystem sftp /usr/libexec/sftp-server
122
123# Example of overriding settings on a per-user basis
124#Match User anoncvs
125# X11Forwarding no
126# AllowTcpForwarding no
127# ForceCommand cvs server
Note: See TracBrowser for help on using the repository browser.