Annotation of src/usr.bin/ssh/sshd_config, Revision 1.22
1.1 deraadt 1: # This is ssh server systemwide configuration file.
2:
3: Port 22
1.16 todd 4: #Protocol 2,1
1.15 markus 5: #ListenAddress 0.0.0.0
6: #ListenAddress ::
1.2 deraadt 7: HostKey /etc/ssh_host_key
1.22 ! markus 8: #HostKey /etc/ssh_host_dsa_key
1.1 deraadt 9: ServerKeyBits 768
10: LoginGraceTime 600
11: KeyRegenerationInterval 3600
12: PermitRootLogin yes
13: #
14: # Don't read ~/.rhosts and ~/.shosts files
15: IgnoreRhosts yes
1.14 markus 16: # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
17: #IgnoreUserKnownHosts yes
1.1 deraadt 18: StrictModes yes
1.3 deraadt 19: X11Forwarding no
20: X11DisplayOffset 10
1.1 deraadt 21: PrintMotd yes
22: KeepAlive yes
1.13 markus 23:
24: # Logging
1.4 deraadt 25: SyslogFacility AUTH
1.13 markus 26: LogLevel INFO
27: #obsoletes QuietMode and FascistLogging
28:
1.1 deraadt 29: RhostsAuthentication no
30: #
1.2 deraadt 31: # For this to work you will also need host keys in /etc/ssh_known_hosts
1.8 deraadt 32: RhostsRSAAuthentication no
1.1 deraadt 33: #
1.8 deraadt 34: RSAAuthentication yes
1.6 deraadt 35:
36: # To disable tunneled clear text passwords, change to no here!
1.5 deraadt 37: PasswordAuthentication yes
1.1 deraadt 38: PermitEmptyPasswords no
1.9 markus 39: # Uncomment to disable s/key passwords
40: #SkeyAuthentication no
1.21 markus 41: #KbdInteractiveAuthentication yes
1.6 deraadt 42:
43: # To change Kerberos options
44: #KerberosAuthentication no
1.1 deraadt 45: #KerberosOrLocalPasswd yes
1.6 deraadt 46: #AFSTokenPassing no
47: #KerberosTicketCleanup no
1.1 deraadt 48:
49: # Kerberos TGT Passing does only work with the AFS kaserver
50: #KerberosTgtPassing yes
51:
1.10 markus 52: #CheckMail yes
1.6 deraadt 53: #UseLogin no
1.17 jakob 54:
1.20 markus 55: # Uncomment if you want to enable sftp
56: #Subsystem sftp /usr/libexec/sftp-server
1.19 markus 57: #MaxStartups 10:30:60