1 # This is the sshd server system-wide configuration file. See
2 # sshd_config(5) for more information.
4 # The strategy used for options in the default sshd_config shipped with
5 # OpenSSH is to specify options with their default value where
6 # possible, but leave them commented. Uncommented options change a
11 #ListenAddress 0.0.0.0
14 # HostKey for protocol version 1
15 #HostKey /etc/ssh/ssh_host_key
16 # HostKeys for protocol version 2
17 #HostKey /etc/ssh/ssh_host_rsa_key
18 #HostKey /etc/ssh/ssh_host_dsa_key
20 # Lifetime and size of ephemeral version 1 server key
21 KeyRegenerationInterval 3600
25 #obsoletes QuietMode and FascistLogging
36 #PubkeyAuthentication yes
37 #AuthorizedKeysFile .ssh/authorized_keys
39 # Don't read the user's ~/.rhosts and ~/.shosts files
41 # For this to work you will also need host keys in /etc/ssh_known_hosts
42 RhostsRSAAuthentication no
43 # similar for protocol version 2
44 #HostbasedAuthentication no
45 # Change to yes if you don't trust ~/.ssh/known_hosts for
46 # RhostsRSAAuthentication and HostbasedAuthentication
47 #IgnoreUserKnownHosts no
49 # To disable tunneled clear text passwords, change to no here!
50 PasswordAuthentication yes
51 PermitEmptyPasswords no
53 # Change to no to disable s/key passwords
54 #ChallengeResponseAuthentication yes
57 #KerberosAuthentication no
58 #KerberosOrLocalPasswd yes
59 #KerberosTicketCleanup yes
63 # Kerberos TGT Passing only works with the AFS kaserver
64 #KerberosTgtPassing no
66 # Set this to 'yes' to enable PAM authentication (via challenge-response)
67 # and session processing. Depending on your PAM configuration, this may
68 # bypass the setting of 'PasswordAuthentication'
79 # enabling this can cause some problems with for example pam_limit
80 UsePrivilegeSeparation no
85 # no default banner path
87 #VerifyReverseMapping no
89 # override default of no subsystems
90 #Subsystem sftp /usr/lib/openssh/sftp-server