[packages/openssh.git] / opensshd.conf

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
Protocol 1,2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:

LoginGraceTime 600
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication 
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

X11Forwarding no
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd yes
#PrintLastLog yes
KeepAlive yes
UseLogin no

# enabling this can cause some problems with for example pam_limit
UsePrivilegeSeparation no

#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
#Subsystem	sftp	/usr/lib/openssh/sftp-server
Commit	Line	Data
87606687 JB	1	# This is the sshd server system-wide configuration file. See
	2	# sshd_config(5) for more information.
	3
	4	# The strategy used for options in the default sshd_config shipped with
	5	# OpenSSH is to specify options with their default value where
	6	# possible, but leave them commented. Uncommented options change a
	7	# default value.
cf3b46d6 AF	8
cf3b46d6 AF	9	Port 22
49b902b2	10	Protocol 1,2
3f1168a9 AM	11	#ListenAddress 0.0.0.0
3f1168a9 AM	12	#ListenAddress ::
87606687 JB	13
87606687 JB	14	# HostKey for protocol version 1
49b902b2	15	#HostKey /etc/ssh/ssh_host_key
87606687 JB	16	# HostKeys for protocol version 2
87606687 JB	17	#HostKey /etc/ssh/ssh_host_rsa_key
c94945b8	18	#HostKey /etc/ssh/ssh_host_dsa_key
87606687 JB	19
87606687 JB	20	# Lifetime and size of ephemeral version 1 server key
cf3b46d6	21	KeyRegenerationInterval 3600
87606687	22	ServerKeyBits 768
3f1168a9 AM	23
3f1168a9 AM	24	# Logging
87606687	25	#obsoletes QuietMode and FascistLogging
3f1168a9 AM	26	SyslogFacility AUTH
3f1168a9 AM	27	LogLevel INFO
3f1168a9	28
87606687 JB	29	# Authentication:
	30
	31	LoginGraceTime 600
	32	PermitRootLogin no
	33	StrictModes yes
	34
	35	RSAAuthentication yes
	36	#PubkeyAuthentication yes
	37	#AuthorizedKeysFile .ssh/authorized_keys
	38
	39	# rhosts authentication should not be used
cf3b46d6	40	RhostsAuthentication no
87606687 JB	41	# Don't read the user's ~/.rhosts and ~/.shosts files
87606687 JB	42	IgnoreRhosts yes
3f1168a9 AM	43	# For this to work you will also need host keys in /etc/ssh_known_hosts
3f1168a9 AM	44	RhostsRSAAuthentication no
87606687 JB	45	# similar for protocol version 2
	46	#HostbasedAuthentication no
	47	# Change to yes if you don't trust ~/.ssh/known_hosts for
	48	# RhostsRSAAuthentication and HostbasedAuthentication
	49	#IgnoreUserKnownHosts no
3f1168a9 AM	50
3f1168a9 AM	51	# To disable tunneled clear text passwords, change to no here!
cf3b46d6	52	PasswordAuthentication yes
3f1168a9	53	PermitEmptyPasswords no
3f1168a9	54
87606687 JB	55	# Change to no to disable s/key passwords
	56	#ChallengeResponseAuthentication yes
	57
	58	# Kerberos options
3f1168a9 AM	59	#KerberosAuthentication no
3f1168a9 AM	60	#KerberosOrLocalPasswd yes
87606687 JB	61	#KerberosTicketCleanup yes
87606687 JB	62
3f1168a9	63	#AFSTokenPassing no
3f1168a9	64
87606687 JB	65	# Kerberos TGT Passing only works with the AFS kaserver
87606687 JB	66	#KerberosTgtPassing no
3f1168a9	67
87606687 JB	68	# Set this to 'yes' to enable PAM keyboard-interactive authentication
	69	# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
	70	#PAMAuthenticationViaKbdInt yes
	71
	72	X11Forwarding no
	73	X11DisplayOffset 10
	74	X11UseLocalhost yes
	75	PrintMotd yes
	76	#PrintLastLog yes
	77	KeepAlive yes
20cf0130	78	UseLogin no
2de8e69e AM	79
	80	# enabling this can cause some problems with for example pam_limit
	81	UsePrivilegeSeparation no
	82
87606687 JB	83	#Compression yes
	84
	85	#MaxStartups 10
	86	# no default banner path
	87	#Banner /some/path
	88	#VerifyReverseMapping no
	89
	90	# override default of no subsystems
	91	#Subsystem sftp /usr/lib/openssh/sftp-server