#	$OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
Protocol 2

#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

KeyRegenerationInterval 1h
ServerKeyBits 768

SyslogFacility AUTH
LogLevel INFO

LoginGraceTime 2m
#PermitRootLogin no
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile	.ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

#PasswordAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication'
#UsePAM yes

AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding no
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd yes
PrintLastLog no
PrintLastLog no
TCPKeepAlive no
UseLogin no
UsePrivilegeSeparation yes
PermitUserEnvironment yes

Compression no
ClientAliveInterval 10
ClientAliveCountMax 3

UseDNS no
PidFile /var/run/sshd.pid
MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
#Subsystem	sftp	/usr/bin/sftp-server