X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/272b7f60269cee3ac1ca04dcbeb983093d36a2c7..c4f51837081fc00e2c67c70da918a948590cd392:/sshd_config diff --git a/sshd_config b/sshd_config index 42c3244b..b45c8c56 100644 --- a/sshd_config +++ b/sshd_config @@ -1,54 +1,97 @@ -# This is ssh server systemwide configuration file. - -Port 22 -ListenAddress 0.0.0.0 -HostKey /etc/ssh/ssh_host_key -ServerKeyBits 768 -LoginGraceTime 600 -KeyRegenerationInterval 3600 -PermitRootLogin yes - -# -# Loglevel replaces QuietMode and FascistLogging -# -LogLevel INFO - -# -# Don't read ~/.rhosts and ~/.shosts files -IgnoreRhosts yes -StrictModes yes -X11Forwarding yes -X11DisplayOffset 10 -FascistLogging no -PrintMotd yes -KeepAlive yes -CheckMail no -UseLogin no -SyslogFacility AUTH -RhostsAuthentication no - -# -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -# -RhostsRSAAuthentication no +# $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +#Protocol 2,1 +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 768 + +# Logging +#obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: -RSAAuthentication yes +#LoginGraceTime 2m +#PermitRootLogin yes +#StrictModes yes + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! -PasswordAuthentication yes -PermitEmptyPasswords no +#PasswordAuthentication yes +#PermitEmptyPasswords no -# -# Uncomment to disable s/key passwords (must be compiled with s/key support) -# -#SkeyAuthentication no +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes -# -# To change Kerberos options (must be compiled with Kerberos support) -# +# Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes -#AFSTokenPassing no -#KerberosTicketCleanup no -# Kerberos TGT Passing does only work with the AFS kaserver -#KerberosTgtPassing yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication (via challenge-response) +# and session processing. Depending on your PAM configuration, this may +# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords' +#UsePAM no + +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression yes +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10 + +# no default banner path +#Banner /some/path + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server