X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/8002af617f063c404ae06f0b93eb36557ae3d155..e9cb5aa665403891972f09dc131a7206fe38c5f7:/sshd_config diff --git a/sshd_config b/sshd_config index c131a586..57a1f2be 100644 --- a/sshd_config +++ b/sshd_config @@ -1,70 +1,94 @@ -# $OpenBSD: sshd_config,v 1.36 2001/04/12 19:15:26 markus Exp $ +# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin -# This is the sshd server system-wide configuration file. See sshd(8) -# for more information. +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. -Port 22 +#Port 22 #Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress :: -HostKey /etc/ssh_host_key -HostKey /etc/ssh_host_rsa_key -HostKey /etc/ssh_host_dsa_key -ServerKeyBits 768 -LoginGraceTime 600 -KeyRegenerationInterval 3600 -PermitRootLogin yes -# -# Don't read ~/.rhosts and ~/.shosts files -IgnoreRhosts yes -# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication -#IgnoreUserKnownHosts yes -StrictModes yes -X11Forwarding no -X11DisplayOffset 10 -PrintMotd yes -#PrintLastLog no -KeepAlive yes + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 3600 +#ServerKeyBits 768 # Logging -SyslogFacility AUTH -LogLevel INFO #obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: -RhostsAuthentication no -# -# For this to work you will also need host keys in /etc/ssh_known_hosts -RhostsRSAAuthentication no +#LoginGraceTime 120 +#PermitRootLogin yes +#StrictModes yes + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# rhosts authentication should not be used +#RhostsAuthentication no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no # similar for protocol version 2 -HostbasedAuthentication no -# -RSAAuthentication yes +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! -PasswordAuthentication yes -PermitEmptyPasswords no +#PasswordAuthentication yes +#PermitEmptyPasswords no -# Comment to enable s/key passwords or PAM interactive authentication -# NB. Neither of these are compiled in by default. Please read the -# notes in the sshd(8) manpage before enabling this on a PAM system. -ChallengeResponseAuthentication no +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes -# To change Kerberos options +# Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + #AFSTokenPassing no -#KerberosTicketCleanup no -# Kerberos TGT Passing does only work with the AFS kaserver -#KerberosTgtPassing yes +# Kerberos TGT Passing only works with the AFS kaserver +#KerberosTgtPassing no + +# Set this to 'yes' to enable PAM authentication (via challenge-response) +# and session processing +# Warning: enabling this may bypass the setting of 'PasswordAuthentication' +#UsePAM no -#CheckMail yes +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#KeepAlive yes #UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression yes -#MaxStartups 10:30:60 -#Banner /etc/issue.net -#ReverseMappingCheck yes +#MaxStartups 10 +# no default banner path +#Banner /some/path +#VerifyReverseMapping no +# override default of no subsystems Subsystem sftp /usr/libexec/sftp-server