sshd_config 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123
  1. # $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
  2. # This is the sshd server system-wide configuration file. See
  3. # sshd_config(5) for more information.
  4. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  5. # The strategy used for options in the default sshd_config shipped with
  6. # OpenSSH is to specify options with their default value where
  7. # possible, but leave them commented. Uncommented options override the
  8. # default value.
  9. Port 4242
  10. #AddressFamily any
  11. #ListenAddress 0.0.0.0
  12. #ListenAddress ::
  13. #HostKey /etc/ssh/ssh_host_rsa_key
  14. #HostKey /etc/ssh/ssh_host_ecdsa_key
  15. #HostKey /etc/ssh/ssh_host_ed25519_key
  16. # Ciphers and keying
  17. #RekeyLimit default none
  18. # Logging
  19. #SyslogFacility AUTH
  20. #LogLevel INFO
  21. # Authentication:
  22. LoginGraceTime 30
  23. PermitRootLogin no
  24. #StrictModes yes
  25. #MaxAuthTries 6
  26. #MaxSessions 10
  27. PubkeyAuthentication yes
  28. # Expect .ssh/authorized_keys2 to be disregarded by default in future.
  29. #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
  30. #AuthorizedPrincipalsFile none
  31. #AuthorizedKeysCommand none
  32. #AuthorizedKeysCommandUser nobody
  33. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  34. #HostbasedAuthentication no
  35. # Change to yes if you don't trust ~/.ssh/known_hosts for
  36. # HostbasedAuthentication
  37. #IgnoreUserKnownHosts no
  38. # Don't read the user's ~/.rhosts and ~/.shosts files
  39. #IgnoreRhosts yes
  40. # To disable tunneled clear text passwords, change to no here!
  41. PasswordAuthentication no
  42. #PermitEmptyPasswords no
  43. # Change to yes to enable challenge-response passwords (beware issues with
  44. # some PAM modules and threads)
  45. ChallengeResponseAuthentication no
  46. # Kerberos options
  47. #KerberosAuthentication no
  48. #KerberosOrLocalPasswd yes
  49. #KerberosTicketCleanup yes
  50. #KerberosGetAFSToken no
  51. # GSSAPI options
  52. #GSSAPIAuthentication no
  53. #GSSAPICleanupCredentials yes
  54. #GSSAPIStrictAcceptorCheck yes
  55. #GSSAPIKeyExchange no
  56. # Set this to 'yes' to enable PAM authentication, account processing,
  57. # and session processing. If this is enabled, PAM authentication will
  58. # be allowed through the ChallengeResponseAuthentication and
  59. # PasswordAuthentication. Depending on your PAM configuration,
  60. # PAM authentication via ChallengeResponseAuthentication may bypass
  61. # the setting of "PermitRootLogin without-password".
  62. # If you just want the PAM account and session checks to run without
  63. # PAM authentication, then enable this but set PasswordAuthentication
  64. # and ChallengeResponseAuthentication to 'no'.
  65. UsePAM yes
  66. #AllowAgentForwarding yes
  67. #AllowTcpForwarding yes
  68. #GatewayPorts no
  69. X11Forwarding yes
  70. #X11DisplayOffset 10
  71. #X11UseLocalhost yes
  72. #PermitTTY yes
  73. PrintMotd no
  74. #PrintLastLog yes
  75. #TCPKeepAlive yes
  76. #UseLogin no
  77. #UsePrivilegeSeparation sandbox
  78. #PermitUserEnvironment no
  79. #Compression delayed
  80. #ClientAliveInterval 0
  81. #ClientAliveCountMax 3
  82. #UseDNS no
  83. #PidFile /var/run/sshd.pid
  84. #MaxStartups 10:30:100
  85. #PermitTunnel no
  86. #ChrootDirectory none
  87. #VersionAddendum none
  88. # no default banner path
  89. #Banner none
  90. # Allow client to pass locale environment variables
  91. AcceptEnv LANG LC_*
  92. # override default of no subsystems
  93. Subsystem sftp /usr/lib/openssh/sftp-server
  94. # Example of overriding settings on a per-user basis
  95. #Match User anoncvs
  96. # X11Forwarding no
  97. # AllowTcpForwarding no
  98. # PermitTTY no
  99. # ForceCommand cvs server