Annotation of src/usr.bin/ssh/sshd_config, Revision 1.8
1.1 deraadt 1: # This is ssh server systemwide configuration file.
2:
3: Port 22
4: ListenAddress 0.0.0.0
1.2 deraadt 5: HostKey /etc/ssh_host_key
1.1 deraadt 6: ServerKeyBits 768
7: LoginGraceTime 600
8: KeyRegenerationInterval 3600
9: PermitRootLogin yes
10: #
11: # Don't read ~/.rhosts and ~/.shosts files
12: IgnoreRhosts yes
13: StrictModes yes
14: QuietMode no
1.3 deraadt 15: X11Forwarding no
16: X11DisplayOffset 10
1.1 deraadt 17: FascistLogging no
18: PrintMotd yes
19: KeepAlive yes
1.4 deraadt 20: SyslogFacility AUTH
1.1 deraadt 21: RhostsAuthentication no
22: #
1.2 deraadt 23: # For this to work you will also need host keys in /etc/ssh_known_hosts
1.8 ! deraadt 24: RhostsRSAAuthentication no
1.1 deraadt 25: #
26: # Changed RSAAuthentication to no/bg
1.8 ! deraadt 27: RSAAuthentication yes
1.6 deraadt 28:
29: # To disable tunneled clear text passwords, change to no here!
1.5 deraadt 30: PasswordAuthentication yes
1.1 deraadt 31: PermitEmptyPasswords no
1.6 deraadt 32:
33: # To change Kerberos options
34: #KerberosAuthentication no
1.1 deraadt 35: #KerberosOrLocalPasswd yes
1.6 deraadt 36: #AFSTokenPassing no
37: #KerberosTicketCleanup no
1.1 deraadt 38:
39: # Kerberos TGT Passing does only work with the AFS kaserver
40: #KerberosTgtPassing yes
41:
1.6 deraadt 42: # XXX implement these
43: #UseLogin no
44: #CheckMail no
45:
1.1 deraadt 46: # AllowHosts *.our.com friend.other.com
47: # DenyHosts lowsecurity.theirs.com *.evil.org evil.org
1.4 deraadt 48: