# $OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. Port 22 Protocol 2 #ListenAddress 0.0.0.0 #ListenAddress :: HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key KeyRegenerationInterval 1h ServerKeyBits 768 SyslogFacility AUTH LogLevel INFO LoginGraceTime 2m #PermitRootLogin no PermitRootLogin yes StrictModes yes RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes #PasswordAuthentication no PasswordAuthentication yes PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Set this to 'yes' to enable PAM authentication (via challenge-response) # and session processing. Depending on your PAM configuration, this may # bypass the setting of 'PasswordAuthentication' #UsePAM yes AllowTcpForwarding yes #GatewayPorts no X11Forwarding no X11DisplayOffset 10 X11UseLocalhost yes PrintMotd yes PrintLastLog no PrintLastLog no TCPKeepAlive no UseLogin no UsePrivilegeSeparation yes PermitUserEnvironment yes Compression no ClientAliveInterval 10 ClientAliveCountMax 3 UseDNS no PidFile /var/run/sshd.pid MaxStartups 10 # no default banner path #Banner /some/path # override default of no subsystems #Subsystem sftp /usr/bin/sftp-server