Annotation of src/usr.bin/ssh/sshd_config, Revision 1.23
1.1 deraadt 1: # This is ssh server systemwide configuration file.
2:
3: Port 22
1.16 todd 4: #Protocol 2,1
1.15 markus 5: #ListenAddress 0.0.0.0
6: #ListenAddress ::
1.2 deraadt 7: HostKey /etc/ssh_host_key
1.23 ! markus 8: HostKey /etc/ssh_host_dsa_key
! 9: #HostKey /etc/ssh_host_rsa_key
1.1 deraadt 10: ServerKeyBits 768
11: LoginGraceTime 600
12: KeyRegenerationInterval 3600
13: PermitRootLogin yes
14: #
15: # Don't read ~/.rhosts and ~/.shosts files
16: IgnoreRhosts yes
1.14 markus 17: # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
18: #IgnoreUserKnownHosts yes
1.1 deraadt 19: StrictModes yes
1.3 deraadt 20: X11Forwarding no
21: X11DisplayOffset 10
1.1 deraadt 22: PrintMotd yes
23: KeepAlive yes
1.13 markus 24:
25: # Logging
1.4 deraadt 26: SyslogFacility AUTH
1.13 markus 27: LogLevel INFO
28: #obsoletes QuietMode and FascistLogging
29:
1.1 deraadt 30: RhostsAuthentication no
31: #
1.2 deraadt 32: # For this to work you will also need host keys in /etc/ssh_known_hosts
1.8 deraadt 33: RhostsRSAAuthentication no
1.1 deraadt 34: #
1.8 deraadt 35: RSAAuthentication yes
1.6 deraadt 36:
37: # To disable tunneled clear text passwords, change to no here!
1.5 deraadt 38: PasswordAuthentication yes
1.1 deraadt 39: PermitEmptyPasswords no
1.9 markus 40: # Uncomment to disable s/key passwords
41: #SkeyAuthentication no
1.21 markus 42: #KbdInteractiveAuthentication yes
1.6 deraadt 43:
44: # To change Kerberos options
45: #KerberosAuthentication no
1.1 deraadt 46: #KerberosOrLocalPasswd yes
1.6 deraadt 47: #AFSTokenPassing no
48: #KerberosTicketCleanup no
1.1 deraadt 49:
50: # Kerberos TGT Passing does only work with the AFS kaserver
51: #KerberosTgtPassing yes
52:
1.10 markus 53: #CheckMail yes
1.6 deraadt 54: #UseLogin no
1.17 jakob 55:
1.20 markus 56: # Uncomment if you want to enable sftp
57: #Subsystem sftp /usr/libexec/sftp-server
1.19 markus 58: #MaxStartups 10:30:60