Annotation of src/usr.bin/ssh/sshd_config, Revision 1.16.2.1
1.1 deraadt 1: # This is ssh server systemwide configuration file.
2:
3: Port 22
1.16 todd 4: #Protocol 2,1
1.15 markus 5: #ListenAddress 0.0.0.0
6: #ListenAddress ::
1.2 deraadt 7: HostKey /etc/ssh_host_key
1.1 deraadt 8: ServerKeyBits 768
9: LoginGraceTime 600
10: KeyRegenerationInterval 3600
11: PermitRootLogin yes
12: #
13: # Don't read ~/.rhosts and ~/.shosts files
14: IgnoreRhosts yes
1.14 markus 15: # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
16: #IgnoreUserKnownHosts yes
1.1 deraadt 17: StrictModes yes
1.3 deraadt 18: X11Forwarding no
19: X11DisplayOffset 10
1.1 deraadt 20: PrintMotd yes
21: KeepAlive yes
1.13 markus 22:
23: # Logging
1.4 deraadt 24: SyslogFacility AUTH
1.13 markus 25: LogLevel INFO
26: #obsoletes QuietMode and FascistLogging
27:
1.1 deraadt 28: RhostsAuthentication no
29: #
1.2 deraadt 30: # For this to work you will also need host keys in /etc/ssh_known_hosts
1.8 deraadt 31: RhostsRSAAuthentication no
1.1 deraadt 32: #
1.8 deraadt 33: RSAAuthentication yes
1.6 deraadt 34:
35: # To disable tunneled clear text passwords, change to no here!
1.5 deraadt 36: PasswordAuthentication yes
1.1 deraadt 37: PermitEmptyPasswords no
1.9 markus 38: # Uncomment to disable s/key passwords
39: #SkeyAuthentication no
1.6 deraadt 40:
41: # To change Kerberos options
42: #KerberosAuthentication no
1.1 deraadt 43: #KerberosOrLocalPasswd yes
1.6 deraadt 44: #AFSTokenPassing no
45: #KerberosTicketCleanup no
1.1 deraadt 46:
47: # Kerberos TGT Passing does only work with the AFS kaserver
48: #KerberosTgtPassing yes
49:
1.10 markus 50: #CheckMail yes
1.6 deraadt 51: #UseLogin no
1.16.2.1! jason 52:
! 53: #Subsystem sftp /usr/local/sbin/sftpd
! 54: #MaxStartups 10:30:60