# This is ssh server systemwide configuration file.
Port 22
-### For IPv6
-# ListenAddress ::
-ListenAddress 0.0.0.0
-HostKey /etc/ssh/ssh_host_key
-#RandomSeed /etc/ssh/ssh_random_seed
+Protocol 1,2
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+#HostKey /etc/ssh/ssh_host_key
+#HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTgtPassing yes
KeyRegenerationInterval 3600
PermitRootLogin no
+#
+# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
StrictModes yes
-#QuietMode no
-X11Forwarding yes
+X11Forwarding no
X11DisplayOffset 10
-#FascistLogging no
+X11UseLocalhost yes
PrintMotd yes
KeepAlive yes
-SyslogFacility DAEMON
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+#obsoletes QuietMode and FascistLogging
+
RhostsAuthentication no
-RhostsRSAAuthentication yes
+#
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+#
RSAAuthentication yes
+
+# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
-PermitEmptyPasswords yes
-UseLogin yes
-CheckMail yes
-# PidFile /u/zappa/.ssh/pid
-# AllowHosts *.our.com friend.other.com
-# DenyHosts lowsecurity.theirs.com *.evil.org evil.org
-# Umask 022
-# SilentDeny yes
+PermitEmptyPasswords no
+# Uncomment to disable s/key passwords
+#SkeyAuthentication no
+
+# To change Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#AFSTokenPassing no
+#KerberosTicketCleanup no
+
+# Kerberos TGT Passing does only work with the AFS kaserver
+#KerberosTgtPassing yes
+
+UseLogin no