1 # This is the sshd server system-wide configuration file. See
2 # sshd_config(5) for more information.
4 # The strategy used for options in the default sshd_config shipped with
5 # OpenSSH is to specify options with their default value where
6 # possible, but leave them commented. Uncommented options change a
11 #ListenAddress 0.0.0.0
14 # HostKey for protocol version 1
15 #HostKey /etc/ssh/ssh_host_key
16 # HostKeys for protocol version 2
17 #HostKey /etc/ssh/ssh_host_rsa_key
18 #HostKey /etc/ssh/ssh_host_dsa_key
20 # Lifetime and size of ephemeral version 1 server key
21 KeyRegenerationInterval 3600
25 #obsoletes QuietMode and FascistLogging
36 #PubkeyAuthentication yes
37 #AuthorizedKeysFile .ssh/authorized_keys
39 # rhosts authentication should not be used
40 RhostsAuthentication no
41 # Don't read the user's ~/.rhosts and ~/.shosts files
43 # For this to work you will also need host keys in /etc/ssh_known_hosts
44 RhostsRSAAuthentication no
45 # similar for protocol version 2
46 #HostbasedAuthentication no
47 # Change to yes if you don't trust ~/.ssh/known_hosts for
48 # RhostsRSAAuthentication and HostbasedAuthentication
49 #IgnoreUserKnownHosts no
51 # To disable tunneled clear text passwords, change to no here!
52 PasswordAuthentication yes
53 PermitEmptyPasswords no
55 # Change to no to disable s/key passwords
56 #ChallengeResponseAuthentication yes
59 #KerberosAuthentication no
60 #KerberosOrLocalPasswd yes
61 #KerberosTicketCleanup yes
65 # Kerberos TGT Passing only works with the AFS kaserver
66 #KerberosTgtPassing no
68 # Set this to 'yes' to enable PAM keyboard-interactive authentication
69 # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
70 #PAMAuthenticationViaKbdInt yes
79 #UsePrivilegeSeparation yes
83 # no default banner path
85 #VerifyReverseMapping no
87 # override default of no subsystems
88 #Subsystem sftp /usr/lib/openssh/sftp-server