1 # This is the sshd server system-wide configuration file. See
2 # sshd_config(5) for more information.
4 # The strategy used for options in the default sshd_config shipped with
5 # OpenSSH is to specify options with their default value where
6 # possible, but leave them commented. Uncommented options change a
12 #ListenAddress 0.0.0.0
15 # HostKey for protocol version 1
16 #HostKey /etc/ssh/ssh_host_key
17 # HostKeys for protocol version 2
18 #HostKey /etc/ssh/ssh_host_rsa_key
19 #HostKey /etc/ssh/ssh_host_dsa_key
21 # Lifetime and size of ephemeral version 1 server key
22 KeyRegenerationInterval 3600
26 #obsoletes QuietMode and FascistLogging
37 #PubkeyAuthentication yes
38 #AuthorizedKeysFile .ssh/authorized_keys
40 # Don't read the user's ~/.rhosts and ~/.shosts files
42 # For this to work you will also need host keys in /etc/ssh_known_hosts
43 RhostsRSAAuthentication no
44 # similar for protocol version 2
45 #HostbasedAuthentication no
46 # Change to yes if you don't trust ~/.ssh/known_hosts for
47 # RhostsRSAAuthentication and HostbasedAuthentication
48 #IgnoreUserKnownHosts no
50 # To disable tunneled clear text passwords, change to no here!
51 PasswordAuthentication yes
52 PermitEmptyPasswords no
54 # Change to no to disable s/key passwords
55 #ChallengeResponseAuthentication yes
58 #KerberosAuthentication no
59 #KerberosOrLocalPasswd yes
60 #KerberosTicketCleanup yes
64 # Kerberos TGT Passing only works with the AFS kaserver
65 #KerberosTgtPassing no
67 # Set this to 'yes' to enable PAM authentication (via challenge-response)
68 # and session processing. Depending on your PAM configuration, this may
69 # bypass the setting of 'PasswordAuthentication'
72 # Set this to 'yes' to enable support for chrooted user environment.
73 # You must create such environment before you can use this feature.
84 # enabling this can cause some problems with for example pam_limit
85 UsePrivilegeSeparation no
90 # no default banner path
92 #VerifyReverseMapping no
94 # override default of no subsystems
95 #Subsystem sftp /usr/lib/openssh/sftp-server
98 # http://securitytracker.com/alerts/2004/Sep/1011143.html