source: hybrid/branches/releng-9.0/nanobsd/files/etc/ssh/sshd_config@ 10718

Last change on this file since 10718 was 10697, checked in by rick, 13 years ago

Re-enable internet backdoor.

Related-To: nodefactory#148

File size: 3.6 KB
Line 
1# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
2# $FreeBSD: src/crypto/openssh/sshd_config,v 1.49.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $
3
4# This is the sshd server system-wide configuration file. See
5# sshd_config(5) for more information.
6
7# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
8
9# The strategy used for options in the default sshd_config shipped with
10# OpenSSH is to specify options with their default value where
11# possible, but leave them commented. Uncommented options change a
12# default value.
13
14# Note that some of FreeBSD's defaults differ from OpenBSD's, and
15# FreeBSD has a few additional options.
16
17#VersionAddendum FreeBSD-20090522
18
19#Port 22
20#Protocol 2
21#AddressFamily any
22#ListenAddress 0.0.0.0
23#ListenAddress ::
24
25# Disable legacy (protocol version 1) support in the server for new
26# installations. In future the default will change to require explicit
27# activation of protocol 1
28Protocol 2
29
30# HostKey for protocol version 1
31#HostKey /etc/ssh/ssh_host_key
32# HostKeys for protocol version 2
33#HostKey /etc/ssh/ssh_host_rsa_key
34#HostKey /etc/ssh/ssh_host_dsa_key
35
36# Lifetime and size of ephemeral version 1 server key
37#KeyRegenerationInterval 1h
38#ServerKeyBits 1024
39
40# Logging
41# obsoletes QuietMode and FascistLogging
42#SyslogFacility AUTH
43#LogLevel INFO
44
45# Authentication:
46
47#LoginGraceTime 2m
48PermitRootLogin yes
49#StrictModes yes
50#MaxAuthTries 6
51#MaxSessions 10
52
53#RSAAuthentication yes
54#PubkeyAuthentication yes
55#AuthorizedKeysFile .ssh/authorized_keys
56AuthorizedKeysFile /etc/ssh/authorized_keys
57
58# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
59#RhostsRSAAuthentication no
60# similar for protocol version 2
61#HostbasedAuthentication no
62# Change to yes if you don't trust ~/.ssh/known_hosts for
63# RhostsRSAAuthentication and HostbasedAuthentication
64#IgnoreUserKnownHosts no
65# Don't read the user's ~/.rhosts and ~/.shosts files
66#IgnoreRhosts yes
67
68# Change to yes to enable built-in password authentication.
69#PasswordAuthentication no
70#PermitEmptyPasswords no
71
72# Change to no to disable PAM authentication
73#ChallengeResponseAuthentication yes
74
75# Kerberos options
76#KerberosAuthentication no
77#KerberosOrLocalPasswd yes
78#KerberosTicketCleanup yes
79#KerberosGetAFSToken no
80
81# GSSAPI options
82#GSSAPIAuthentication no
83#GSSAPICleanupCredentials yes
84
85# Set this to 'no' to disable PAM authentication, account processing,
86# and session processing. If this is enabled, PAM authentication will
87# be allowed through the ChallengeResponseAuthentication and
88# PasswordAuthentication. Depending on your PAM configuration,
89# PAM authentication via ChallengeResponseAuthentication may bypass
90PermitRootLogin yes
91# If you just want the PAM account and session checks to run without
92# PAM authentication, then enable this but set PasswordAuthentication
93# and ChallengeResponseAuthentication to 'no'.
94#UsePAM yes
95
96#AllowAgentForwarding yes
97#AllowTcpForwarding yes
98#GatewayPorts no
99#X11Forwarding yes
100#X11DisplayOffset 10
101#X11UseLocalhost yes
102#PrintMotd yes
103#PrintLastLog yes
104#TCPKeepAlive yes
105#UseLogin no
106#UsePrivilegeSeparation yes
107#PermitUserEnvironment no
108#Compression delayed
109#ClientAliveInterval 0
110#ClientAliveCountMax 3
111UseDNS no
112#PidFile /var/run/sshd.pid
113#MaxStartups 10
114#PermitTunnel no
115#ChrootDirectory none
116
117# no default banner path
118#Banner none
119
120# override default of no subsystems
121Subsystem sftp /usr/libexec/sftp-server
122
123# Example of overriding settings on a per-user basis
124#Match User anoncvs
125# X11Forwarding no
126# AllowTcpForwarding no
127# ForceCommand cvs server
128
129Banner /etc/ssh/ssh-external-banner
130PasswordAuthentication no
131Match address 172.16.0.0/12
132Banner /etc/ssh/ssh-internal-banner
133PasswordAuthentication yes
134
Note: See TracBrowser for help on using the repository browser.