Spaces:
Paused
Paused
| # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ | |
| # This is the sshd server system-wide configuration file. See | |
| # sshd_config(5) for more information. | |
| # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin | |
| # The strategy used for options in the default sshd_config shipped with | |
| # OpenSSH is to specify options with their default value where | |
| # possible, but leave them commented. Uncommented options override the | |
| # default value. | |
| Include /etc/ssh/sshd_config.d/*.conf | |
| Port 2222 | |
| #AddressFamily any | |
| ListenAddress 127.0.0.1 | |
| ListenAddress ::1 | |
| HostKey /etc/ssh/ssh_host_rsa_key | |
| HostKey /etc/ssh/ssh_host_ecdsa_key | |
| HostKey /etc/ssh/ssh_host_ed25519_key | |
| # Ciphers and keying | |
| #RekeyLimit default none | |
| # Logging | |
| SyslogFacility AUTH | |
| LogLevel INFO | |
| # Authentication: | |
| #LoginGraceTime 2m | |
| PermitRootLogin yes | |
| #StrictModes yes | |
| #MaxAuthTries 6 | |
| MaxSessions 4 | |
| #PubkeyAuthentication yes | |
| # Expect .ssh/authorized_keys2 to be disregarded by default in future. | |
| AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 | |
| #AuthorizedPrincipalsFile none | |
| #AuthorizedKeysCommand none | |
| AuthorizedKeysCommandUser * | |
| # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | |
| #HostbasedAuthentication no | |
| #StrictHostKeyChecking no | |
| # Change to yes if you don't trust ~/.ssh/known_hosts for | |
| # HostbasedAuthentication | |
| #IgnoreUserKnownHosts no | |
| # Don't read the user's ~/.rhosts and ~/.shosts files | |
| #IgnoreRhosts yes | |
| # To disable tunneled clear text passwords, change to no here! | |
| PasswordAuthentication yes | |
| #PermitEmptyPasswords yes | |
| # Change to yes to enable challenge-response passwords (beware issues with | |
| # some PAM modules and threads) | |
| ChallengeResponseAuthentication no | |
| # Kerberos options | |
| #KerberosAuthentication no | |
| #KerberosOrLocalPasswd yes | |
| #KerberosTicketCleanup yes | |
| #KerberosGetAFSToken no | |
| # GSSAPI options | |
| #GSSAPIAuthentication no | |
| #GSSAPICleanupCredentials yes | |
| #GSSAPIStrictAcceptorCheck yes | |
| #GSSAPIKeyExchange no | |
| # Set this to 'yes' to enable PAM authentication, account processing, | |
| # and session processing. If this is enabled, PAM authentication will | |
| # be allowed through the ChallengeResponseAuthentication and | |
| # PasswordAuthentication. Depending on your PAM configuration, | |
| # PAM authentication via ChallengeResponseAuthentication may bypass | |
| # the setting of "PermitRootLogin without-password". | |
| # If you just want the PAM account and session checks to run without | |
| # PAM authentication, then enable this but set PasswordAuthentication | |
| # and ChallengeResponseAuthentication to 'no'. | |
| UsePAM no | |
| #AllowAgentForwarding yes | |
| AllowTcpForwarding no | |
| #GatewayPorts no | |
| X11Forwarding yes | |
| #X11DisplayOffset 10 | |
| #X11UseLocalhost yes | |
| #PermitTTY yes | |
| PrintMotd no | |
| #PrintLastLog yes | |
| TCPKeepAlive yes | |
| PermitUserEnvironment yes | |
| #Compression delayed | |
| #ClientAliveInterval 0 | |
| #ClientAliveCountMax 3 | |
| #UseDNS no | |
| #PidFile /var/run/sshd.pid | |
| #MaxStartups 10:30:100 | |
| #PermitTunnel no | |
| #ChrootDirectory none | |
| #VersionAddendum none | |
| # no default banner path | |
| #Banner none | |
| # Allow client to pass locale environment variables | |
| AcceptEnv LANG LC_* | |
| # override default of no subsystems | |
| Subsystem sftp /usr/lib/openssh/sftp-server | |
| # Example of overriding settings on a per-user basis | |
| #Match User anoncvs | |
| # X11Forwarding no | |
| # AllowTcpForwarding no | |
| # PermitTTY no | |
| # ForceCommand cvs server | |
| AllowUsers * | |