[packages/openssh.git] / opensshd.conf

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
Protocol 1,2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:

LoginGraceTime 600
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication'
UsePAM yes

X11Forwarding no
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd yes
#PrintLastLog yes
KeepAlive yes
UseLogin no

# enabling this can cause some problems with for example pam_limit
UsePrivilegeSeparation no

#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
#Subsystem	sftp	/usr/lib/openssh/sftp-server
Commit	Line	Data
87606687 JB	1	# This is the sshd server system-wide configuration file. See
	2	# sshd_config(5) for more information.
	3
	4	# The strategy used for options in the default sshd_config shipped with
	5	# OpenSSH is to specify options with their default value where
	6	# possible, but leave them commented. Uncommented options change a
	7	# default value.
cf3b46d6 AF	8
cf3b46d6 AF	9	Port 22
49b902b2	10	Protocol 1,2
3f1168a9 AM	11	#ListenAddress 0.0.0.0
3f1168a9 AM	12	#ListenAddress ::
87606687 JB	13
87606687 JB	14	# HostKey for protocol version 1
49b902b2	15	#HostKey /etc/ssh/ssh_host_key
87606687 JB	16	# HostKeys for protocol version 2
87606687 JB	17	#HostKey /etc/ssh/ssh_host_rsa_key
c94945b8	18	#HostKey /etc/ssh/ssh_host_dsa_key
87606687 JB	19
87606687 JB	20	# Lifetime and size of ephemeral version 1 server key
cf3b46d6	21	KeyRegenerationInterval 3600
87606687	22	ServerKeyBits 768
3f1168a9 AM	23
3f1168a9 AM	24	# Logging
87606687	25	#obsoletes QuietMode and FascistLogging
3f1168a9 AM	26	SyslogFacility AUTH
3f1168a9 AM	27	LogLevel INFO
3f1168a9	28
87606687 JB	29	# Authentication:
	30
	31	LoginGraceTime 600
	32	PermitRootLogin no
	33	StrictModes yes
	34
	35	RSAAuthentication yes
	36	#PubkeyAuthentication yes
	37	#AuthorizedKeysFile .ssh/authorized_keys
	38
87606687 JB	39	# Don't read the user's ~/.rhosts and ~/.shosts files
87606687 JB	40	IgnoreRhosts yes
3f1168a9 AM	41	# For this to work you will also need host keys in /etc/ssh_known_hosts
3f1168a9 AM	42	RhostsRSAAuthentication no
87606687 JB	43	# similar for protocol version 2
	44	#HostbasedAuthentication no
	45	# Change to yes if you don't trust ~/.ssh/known_hosts for
	46	# RhostsRSAAuthentication and HostbasedAuthentication
	47	#IgnoreUserKnownHosts no
3f1168a9 AM	48
3f1168a9 AM	49	# To disable tunneled clear text passwords, change to no here!
cf3b46d6	50	PasswordAuthentication yes
3f1168a9	51	PermitEmptyPasswords no
3f1168a9	52
87606687 JB	53	# Change to no to disable s/key passwords
	54	#ChallengeResponseAuthentication yes
	55
	56	# Kerberos options
3f1168a9 AM	57	#KerberosAuthentication no
3f1168a9 AM	58	#KerberosOrLocalPasswd yes
87606687 JB	59	#KerberosTicketCleanup yes
87606687 JB	60
3f1168a9	61	#AFSTokenPassing no
3f1168a9	62
87606687 JB	63	# Kerberos TGT Passing only works with the AFS kaserver
87606687 JB	64	#KerberosTgtPassing no
3f1168a9	65
28c81c59 JR	66	# Set this to 'yes' to enable PAM authentication (via challenge-response)
	67	# and session processing. Depending on your PAM configuration, this may
	68	# bypass the setting of 'PasswordAuthentication'
	69	UsePAM yes
87606687 JB	70
	71	X11Forwarding no
	72	X11DisplayOffset 10
	73	X11UseLocalhost yes
	74	PrintMotd yes
	75	#PrintLastLog yes
	76	KeepAlive yes
20cf0130	77	UseLogin no
2de8e69e AM	78
	79	# enabling this can cause some problems with for example pam_limit
	80	UsePrivilegeSeparation no
	81
87606687 JB	82	#Compression yes
	83
	84	#MaxStartups 10
	85	# no default banner path
	86	#Banner /some/path
	87	#VerifyReverseMapping no
	88
	89	# override default of no subsystems
	90	#Subsystem sftp /usr/lib/openssh/sftp-server