1 changed files with 122 additions and 0 deletions
@ -0,0 +1,122 @@ |
|||
# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ |
|||
|
|||
# This is the sshd server system-wide configuration file. See |
|||
# sshd_config(5) for more information. |
|||
|
|||
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin |
|||
|
|||
# The strategy used for options in the default sshd_config shipped with |
|||
# OpenSSH is to specify options with their default value where |
|||
# possible, but leave them commented. Uncommented options override the |
|||
# default value. |
|||
|
|||
#Port 22 |
|||
#AddressFamily any |
|||
#ListenAddress 0.0.0.0 |
|||
#ListenAddress :: |
|||
|
|||
#HostKey /etc/ssh/ssh_host_rsa_key |
|||
#HostKey /etc/ssh/ssh_host_ecdsa_key |
|||
#HostKey /etc/ssh/ssh_host_ed25519_key |
|||
|
|||
# Ciphers and keying |
|||
#RekeyLimit default none |
|||
|
|||
# Logging |
|||
SyslogFacility AUTH |
|||
LogLevel INFO |
|||
|
|||
# Authentication: |
|||
|
|||
#LoginGraceTime 2m |
|||
#PermitRootLogin yes |
|||
#StrictModes yes |
|||
#MaxAuthTries 6 |
|||
#MaxSessions 10 |
|||
|
|||
#PubkeyAuthentication yes |
|||
|
|||
# Expect .ssh/authorized_keys2 to be disregarded by default in future. |
|||
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 |
|||
|
|||
#AuthorizedPrincipalsFile none |
|||
|
|||
#AuthorizedKeysCommand none |
|||
#AuthorizedKeysCommandUser nobody |
|||
|
|||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts |
|||
#HostbasedAuthentication no |
|||
# Change to yes if you don't trust ~/.ssh/known_hosts for |
|||
# HostbasedAuthentication |
|||
#IgnoreUserKnownHosts no |
|||
# Don't read the user's ~/.rhosts and ~/.shosts files |
|||
#IgnoreRhosts yes |
|||
|
|||
# To disable tunneled clear text passwords, change to no here! |
|||
#PasswordAuthentication yes |
|||
#PermitEmptyPasswords no |
|||
|
|||
# Change to yes to enable challenge-response passwords (beware issues with |
|||
# some PAM modules and threads) |
|||
ChallengeResponseAuthentication no |
|||
|
|||
# Kerberos options |
|||
#KerberosAuthentication no |
|||
#KerberosOrLocalPasswd yes |
|||
#KerberosTicketCleanup yes |
|||
#KerberosGetAFSToken no |
|||
|
|||
# GSSAPI options |
|||
#GSSAPIAuthentication no |
|||
#GSSAPICleanupCredentials yes |
|||
#GSSAPIStrictAcceptorCheck yes |
|||
#GSSAPIKeyExchange no |
|||
|
|||
# Set this to 'yes' to enable PAM authentication, account processing, |
|||
# and session processing. If this is enabled, PAM authentication will |
|||
# be allowed through the ChallengeResponseAuthentication and |
|||
# PasswordAuthentication. Depending on your PAM configuration, |
|||
# PAM authentication via ChallengeResponseAuthentication may bypass |
|||
# the setting of "PermitRootLogin without-password". |
|||
# If you just want the PAM account and session checks to run without |
|||
# PAM authentication, then enable this but set PasswordAuthentication |
|||
# and ChallengeResponseAuthentication to 'no'. |
|||
UsePAM yes |
|||
|
|||
#AllowAgentForwarding yes |
|||
#AllowTcpForwarding yes |
|||
#GatewayPorts no |
|||
X11Forwarding yes |
|||
#X11DisplayOffset 10 |
|||
#X11UseLocalhost yes |
|||
#PermitTTY yes |
|||
PrintMotd no |
|||
#PrintLastLog yes |
|||
#TCPKeepAlive yes |
|||
#UseLogin no |
|||
#PermitUserEnvironment no |
|||
#Compression delayed |
|||
#ClientAliveInterval 0 |
|||
#ClientAliveCountMax 3 |
|||
#UseDNS no |
|||
#PidFile /var/run/sshd.pid |
|||
#MaxStartups 10:30:100 |
|||
#PermitTunnel no |
|||
#ChrootDirectory none |
|||
#VersionAddendum none |
|||
|
|||
# no default banner path |
|||
#Banner none |
|||
|
|||
# Allow client to pass locale environment variables |
|||
AcceptEnv LANG LC_* |
|||
|
|||
# override default of no subsystems |
|||
Subsystem sftp /usr/lib/openssh/sftp-server |
|||
|
|||
# Example of overriding settings on a per-user basis |
|||
#Match User anoncvs |
|||
# X11Forwarding no |
|||
# AllowTcpForwarding no |
|||
# PermitTTY no |
|||
# ForceCommand cvs server |
|||
Loading…
Reference in new issue