Annotation of src/usr.bin/ssh/sshd_config, Revision 1.10
1.1 deraadt 1: # This is ssh server systemwide configuration file.
2:
3: Port 22
4: ListenAddress 0.0.0.0
1.2 deraadt 5: HostKey /etc/ssh_host_key
1.1 deraadt 6: ServerKeyBits 768
7: LoginGraceTime 600
8: KeyRegenerationInterval 3600
9: PermitRootLogin yes
10: #
11: # Don't read ~/.rhosts and ~/.shosts files
12: IgnoreRhosts yes
13: StrictModes yes
14: QuietMode no
1.3 deraadt 15: X11Forwarding no
16: X11DisplayOffset 10
1.1 deraadt 17: FascistLogging no
18: PrintMotd yes
19: KeepAlive yes
1.4 deraadt 20: SyslogFacility AUTH
1.1 deraadt 21: RhostsAuthentication no
22: #
1.2 deraadt 23: # For this to work you will also need host keys in /etc/ssh_known_hosts
1.8 deraadt 24: RhostsRSAAuthentication no
1.1 deraadt 25: #
1.8 deraadt 26: RSAAuthentication yes
1.6 deraadt 27:
28: # To disable tunneled clear text passwords, change to no here!
1.5 deraadt 29: PasswordAuthentication yes
1.1 deraadt 30: PermitEmptyPasswords no
1.9 markus 31: # Uncomment to disable s/key passwords
32: #SkeyAuthentication no
1.6 deraadt 33:
34: # To change Kerberos options
35: #KerberosAuthentication no
1.1 deraadt 36: #KerberosOrLocalPasswd yes
1.6 deraadt 37: #AFSTokenPassing no
38: #KerberosTicketCleanup no
1.1 deraadt 39:
40: # Kerberos TGT Passing does only work with the AFS kaserver
41: #KerberosTgtPassing yes
42:
1.10 ! markus 43: #CheckMail yes
! 44:
1.6 deraadt 45: # XXX implement these
46: #UseLogin no
47:
1.1 deraadt 48: # AllowHosts *.our.com friend.other.com
49: # DenyHosts lowsecurity.theirs.com *.evil.org evil.org