Changeset View
Changeset View
Standalone View
Standalone View
sshd_config
# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ | # $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ | ||||
# This is the sshd server system-wide configuration file. See | # This is the sshd server system-wide configuration file. See | ||||
# sshd_config(5) for more information. | # sshd_config(5) for more information. | ||||
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin | # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin | ||||
# The strategy used for options in the default sshd_config shipped with | # The strategy used for options in the default sshd_config shipped with | ||||
# OpenSSH is to specify options with their default value where | # OpenSSH is to specify options with their default value where | ||||
# possible, but leave them commented. Uncommented options override the | # possible, but leave them commented. Uncommented options override the | ||||
# default value. | # default value. | ||||
# Note that some of FreeBSD's defaults differ from OpenBSD's, and | |||||
# FreeBSD has a few additional options. | |||||
#Port 22 | #Port 22 | ||||
#AddressFamily any | #AddressFamily any | ||||
#ListenAddress 0.0.0.0 | #ListenAddress 0.0.0.0 | ||||
#ListenAddress :: | #ListenAddress :: | ||||
#HostKey /etc/ssh/ssh_host_rsa_key | #HostKey /etc/ssh/ssh_host_rsa_key | ||||
#HostKey /etc/ssh/ssh_host_ecdsa_key | #HostKey /etc/ssh/ssh_host_ecdsa_key | ||||
#HostKey /etc/ssh/ssh_host_ed25519_key | #HostKey /etc/ssh/ssh_host_ed25519_key | ||||
# Ciphers and keying | # Ciphers and keying | ||||
#RekeyLimit default none | #RekeyLimit default none | ||||
# Logging | # Logging | ||||
#SyslogFacility AUTH | #SyslogFacility AUTH | ||||
#LogLevel INFO | #LogLevel INFO | ||||
# Authentication: | # Authentication: | ||||
#LoginGraceTime 2m | #LoginGraceTime 2m | ||||
#PermitRootLogin prohibit-password | #PermitRootLogin no | ||||
#StrictModes yes | #StrictModes yes | ||||
#MaxAuthTries 6 | #MaxAuthTries 6 | ||||
#MaxSessions 10 | #MaxSessions 10 | ||||
#PubkeyAuthentication yes | #PubkeyAuthentication yes | ||||
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 | # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 | ||||
# but this is overridden so installations will only check .ssh/authorized_keys | # but this is overridden so installations will only check .ssh/authorized_keys | ||||
AuthorizedKeysFile .ssh/authorized_keys | AuthorizedKeysFile .ssh/authorized_keys | ||||
#AuthorizedPrincipalsFile none | #AuthorizedPrincipalsFile none | ||||
#AuthorizedKeysCommand none | #AuthorizedKeysCommand none | ||||
#AuthorizedKeysCommandUser nobody | #AuthorizedKeysCommandUser nobody | ||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | ||||
#HostbasedAuthentication no | #HostbasedAuthentication no | ||||
# Change to yes if you don't trust ~/.ssh/known_hosts for | # Change to yes if you don't trust ~/.ssh/known_hosts for | ||||
# HostbasedAuthentication | # HostbasedAuthentication | ||||
#IgnoreUserKnownHosts no | #IgnoreUserKnownHosts no | ||||
# Don't read the user's ~/.rhosts and ~/.shosts files | # Don't read the user's ~/.rhosts and ~/.shosts files | ||||
#IgnoreRhosts yes | #IgnoreRhosts yes | ||||
# To disable tunneled clear text passwords, change to no here! | # Change to yes to enable built-in password authentication. | ||||
#PasswordAuthentication yes | #PasswordAuthentication no | ||||
#PermitEmptyPasswords no | #PermitEmptyPasswords no | ||||
# Change to no to disable s/key passwords | # Change to no to disable PAM authentication | ||||
#KbdInteractiveAuthentication yes | #KbdInteractiveAuthentication yes | ||||
# Kerberos options | # Kerberos options | ||||
#KerberosAuthentication no | #KerberosAuthentication no | ||||
#KerberosOrLocalPasswd yes | #KerberosOrLocalPasswd yes | ||||
#KerberosTicketCleanup yes | #KerberosTicketCleanup yes | ||||
#KerberosGetAFSToken no | #KerberosGetAFSToken no | ||||
# GSSAPI options | # GSSAPI options | ||||
#GSSAPIAuthentication no | #GSSAPIAuthentication no | ||||
#GSSAPICleanupCredentials yes | #GSSAPICleanupCredentials yes | ||||
# Set this to 'yes' to enable PAM authentication, account processing, | # Set this to 'no' to disable PAM authentication, account processing, | ||||
# and session processing. If this is enabled, PAM authentication will | # and session processing. If this is enabled, PAM authentication will | ||||
# be allowed through the KbdInteractiveAuthentication and | # be allowed through the KbdInteractiveAuthentication and | ||||
# PasswordAuthentication. Depending on your PAM configuration, | # PasswordAuthentication. Depending on your PAM configuration, | ||||
# PAM authentication via KbdInteractiveAuthentication may bypass | # PAM authentication via KbdInteractiveAuthentication may bypass | ||||
# the setting of "PermitRootLogin without-password". | # the setting of "PermitRootLogin without-password". | ||||
# If you just want the PAM account and session checks to run without | # If you just want the PAM account and session checks to run without | ||||
# PAM authentication, then enable this but set PasswordAuthentication | # PAM authentication, then enable this but set PasswordAuthentication | ||||
# and KbdInteractiveAuthentication to 'no'. | # and KbdInteractiveAuthentication to 'no'. | ||||
#UsePAM no | #UsePAM yes | ||||
#AllowAgentForwarding yes | #AllowAgentForwarding yes | ||||
#AllowTcpForwarding yes | #AllowTcpForwarding yes | ||||
#GatewayPorts no | #GatewayPorts no | ||||
#X11Forwarding no | #X11Forwarding yes | ||||
#X11DisplayOffset 10 | #X11DisplayOffset 10 | ||||
#X11UseLocalhost yes | #X11UseLocalhost yes | ||||
#PermitTTY yes | #PermitTTY yes | ||||
#PrintMotd yes | #PrintMotd yes | ||||
#PrintLastLog yes | #PrintLastLog yes | ||||
#TCPKeepAlive yes | #TCPKeepAlive yes | ||||
#PermitUserEnvironment no | #PermitUserEnvironment no | ||||
#Compression delayed | #Compression delayed | ||||
#ClientAliveInterval 0 | #ClientAliveInterval 0 | ||||
#ClientAliveCountMax 3 | #ClientAliveCountMax 3 | ||||
#UseDNS no | #UseDNS yes | ||||
#PidFile /var/run/sshd.pid | #PidFile /var/run/sshd.pid | ||||
#MaxStartups 10:30:100 | #MaxStartups 10:30:100 | ||||
#PermitTunnel no | #PermitTunnel no | ||||
#ChrootDirectory none | #ChrootDirectory none | ||||
#VersionAddendum none | #UseBlacklist no | ||||
#VersionAddendum FreeBSD-20220415 | |||||
# no default banner path | # no default banner path | ||||
#Banner none | #Banner none | ||||
# override default of no subsystems | # override default of no subsystems | ||||
Subsystem sftp /usr/libexec/sftp-server | Subsystem sftp /usr/libexec/sftp-server | ||||
# Example of overriding settings on a per-user basis | # Example of overriding settings on a per-user basis | ||||
#Match User anoncvs | #Match User anoncvs | ||||
# X11Forwarding no | # X11Forwarding no | ||||
# AllowTcpForwarding no | # AllowTcpForwarding no | ||||
# PermitTTY no | # PermitTTY no | ||||
# ForceCommand cvs server | # ForceCommand cvs server |