Annotation of src/usr.bin/ssh/sshd_config, Revision 1.15
1.1 deraadt 1: # This is ssh server systemwide configuration file.
2:
3: Port 22
1.15 ! markus 4: #ListenAddress 0.0.0.0
! 5: #ListenAddress ::
1.2 deraadt 6: HostKey /etc/ssh_host_key
1.1 deraadt 7: ServerKeyBits 768
8: LoginGraceTime 600
9: KeyRegenerationInterval 3600
10: PermitRootLogin yes
11: #
12: # Don't read ~/.rhosts and ~/.shosts files
13: IgnoreRhosts yes
1.14 markus 14: # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
15: #IgnoreUserKnownHosts yes
1.1 deraadt 16: StrictModes yes
1.3 deraadt 17: X11Forwarding no
18: X11DisplayOffset 10
1.1 deraadt 19: PrintMotd yes
20: KeepAlive yes
1.13 markus 21:
22: # Logging
1.4 deraadt 23: SyslogFacility AUTH
1.13 markus 24: LogLevel INFO
25: #obsoletes QuietMode and FascistLogging
26:
1.1 deraadt 27: RhostsAuthentication no
28: #
1.2 deraadt 29: # For this to work you will also need host keys in /etc/ssh_known_hosts
1.8 deraadt 30: RhostsRSAAuthentication no
1.1 deraadt 31: #
1.8 deraadt 32: RSAAuthentication yes
1.6 deraadt 33:
34: # To disable tunneled clear text passwords, change to no here!
1.5 deraadt 35: PasswordAuthentication yes
1.1 deraadt 36: PermitEmptyPasswords no
1.9 markus 37: # Uncomment to disable s/key passwords
38: #SkeyAuthentication no
1.6 deraadt 39:
40: # To change Kerberos options
41: #KerberosAuthentication no
1.1 deraadt 42: #KerberosOrLocalPasswd yes
1.6 deraadt 43: #AFSTokenPassing no
44: #KerberosTicketCleanup no
1.1 deraadt 45:
46: # Kerberos TGT Passing does only work with the AFS kaserver
47: #KerberosTgtPassing yes
48:
1.10 markus 49: #CheckMail yes
1.6 deraadt 50: #UseLogin no