Annotation of src/usr.bin/ssh/sshd_config, Revision 1.6
1.1 deraadt 1: # This is ssh server systemwide configuration file.
2:
3: Port 22
4: ListenAddress 0.0.0.0
1.2 deraadt 5: HostKey /etc/ssh_host_key
6: RandomSeed /etc/ssh_random_seed
1.1 deraadt 7: ServerKeyBits 768
8: LoginGraceTime 600
9: KeyRegenerationInterval 3600
10: PermitRootLogin yes
11: #
12: # Don't read ~/.rhosts and ~/.shosts files
13: IgnoreRhosts yes
14: StrictModes yes
15: QuietMode no
1.3 deraadt 16: X11Forwarding no
17: X11DisplayOffset 10
1.1 deraadt 18: FascistLogging no
19: PrintMotd yes
20: KeepAlive yes
1.4 deraadt 21: SyslogFacility AUTH
1.1 deraadt 22: RhostsAuthentication no
23: #
1.2 deraadt 24: # For this to work you will also need host keys in /etc/ssh_known_hosts
1.1 deraadt 25: RhostsRSAAuthentication yes
26: #
27: # Changed RSAAuthentication to no/bg
28: RSAAuthentication no
1.6 ! deraadt 29:
! 30: # To disable tunneled clear text passwords, change to no here!
1.5 deraadt 31: PasswordAuthentication yes
1.1 deraadt 32: PermitEmptyPasswords no
1.6 ! deraadt 33:
! 34: # To change Kerberos options
! 35: #KerberosAuthentication no
1.1 deraadt 36: #KerberosOrLocalPasswd yes
1.6 ! deraadt 37: #AFSTokenPassing no
! 38: #KerberosTicketCleanup no
1.1 deraadt 39:
40: # Kerberos TGT Passing does only work with the AFS kaserver
41: #KerberosTgtPassing yes
42:
1.6 ! deraadt 43: # XXX implement these
! 44: #UseLogin no
! 45: #CheckMail no
! 46:
1.1 deraadt 47: # AllowHosts *.our.com friend.other.com
48: # DenyHosts lowsecurity.theirs.com *.evil.org evil.org
1.4 deraadt 49: