freebsd-dev/crypto/openssh/sshd_config

#	$OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
#	$FreeBSD$

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20030423

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 120
#PermitRootLogin no
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem	sftp	/usr/libexec/sftp-server
Resolve conflicts. 2002-10-29 10:16:02 +00:00			`# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $`
Document FreeBSD defaults. Sponsored by: DARPA, NAI Labs 2002-06-29 10:55:18 +00:00			`# $FreeBSD$`
Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs 2002-06-23 16:09:08 +00:00			`# This is the sshd server system-wide configuration file. See`
			`# sshd_config(5) for more information.`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
Forcibly revert to mainline. 2002-06-27 22:42:11 +00:00			`# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin`

Fix conflicts. 2002-03-18 10:09:43 +00:00			`# The strategy used for options in the default sshd_config shipped with`
			`# OpenSSH is to specify options with their default value where`
			`# possible, but leave them commented. Uncommented options change a`
			`# default value.`

Document FreeBSD defaults. Sponsored by: DARPA, NAI Labs 2002-06-29 10:55:18 +00:00			`# Note that some of FreeBSD's defaults differ from OpenBSD's, and`
			`# FreeBSD has a few additional options.`

Resolve conflicts. 2003-04-23 17:13:13 +00:00			`#VersionAddendum FreeBSD-20030423`
Document FreeBSD defaults. Sponsored by: DARPA, NAI Labs 2002-06-29 10:55:18 +00:00
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#Port 22`
Resolve conflicts and update for FreeBSD. 2000-05-15 05:24:25 +00:00			`#Protocol 2,1`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00			`#ListenAddress 0.0.0.0`
			`#ListenAddress ::`
Fix conflicts. 2002-03-18 10:09:43 +00:00
			`# HostKey for protocol version 1`
			`#HostKey /etc/ssh/ssh_host_key`
			`# HostKeys for protocol version 2`
			`#HostKey /etc/ssh/ssh_host_dsa_key`

			`# Lifetime and size of ephemeral version 1 server key`
			`#KeyRegenerationInterval 3600`
			`#ServerKeyBits 768`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
			`# Logging`
			`#obsoletes QuietMode and FascistLogging`
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#SyslogFacility AUTH`
			`#LogLevel INFO`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
Fix conflicts. 2002-03-18 10:09:43 +00:00			`# Authentication:`

Document FreeBSD defaults. Sponsored by: DARPA, NAI Labs 2002-06-29 10:55:18 +00:00			`#LoginGraceTime 120`
			`#PermitRootLogin no`
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#StrictModes yes`

			`#RSAAuthentication yes`
			`#PubkeyAuthentication yes`
			`#AuthorizedKeysFile .ssh/authorized_keys`

			`# rhosts authentication should not be used`
			`#RhostsAuthentication no`
			`# Don't read the user's ~/.rhosts and ~/.shosts files`
			`#IgnoreRhosts yes`
			`# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts`
			`#RhostsRSAAuthentication no`
Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00			`# similar for protocol version 2`
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#HostbasedAuthentication no`
			`# Change to yes if you don't trust ~/.ssh/known_hosts for`
			`# RhostsRSAAuthentication and HostbasedAuthentication`
			`#IgnoreUserKnownHosts no`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
			`# To disable tunneled clear text passwords, change to no here!`
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#PasswordAuthentication yes`
			`#PermitEmptyPasswords no`
Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
Two FreeBSD-specific nits in comments: - ChallengeResponseAuthentication controls PAM, not S/Key - We don't honor PAMAuthenticationViaKbdInt, because the code path it controls doesn't make sense for us, so don't mention it. Sponsored by: DARPA, NAI Labs 2002-07-03 00:08:19 +00:00			`# Change to no to disable PAM authentication`
Back out previous commit. 2002-04-25 16:53:25 +00:00			`#ChallengeResponseAuthentication yes`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
Fix conflicts. 2002-03-18 10:09:43 +00:00			`# Kerberos options`
Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs 2002-06-23 16:09:08 +00:00			`#KerberosAuthentication no`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00			`#KerberosOrLocalPasswd yes`
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#KerberosTicketCleanup yes`

Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs 2002-06-23 16:09:08 +00:00			`#AFSTokenPassing no`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
Fix conflicts. 2002-03-18 10:09:43 +00:00			`# Kerberos TGT Passing only works with the AFS kaserver`
			`#KerberosTgtPassing no`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
Document FreeBSD defaults. Sponsored by: DARPA, NAI Labs 2002-06-29 10:55:18 +00:00			`#X11Forwarding yes`
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#X11DisplayOffset 10`
			`#X11UseLocalhost yes`
			`#PrintMotd yes`
			`#PrintLastLog yes`
			`#KeepAlive yes`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00			`#UseLogin no`
Forcibly revert to mainline. 2002-06-27 22:42:11 +00:00			`#UsePrivilegeSeparation yes`
Resolve conflicts. 2002-10-29 10:16:02 +00:00			`#PermitUserEnvironment no`
Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs 2002-06-23 16:09:08 +00:00			`#Compression yes`
Resolve conflicts and update for OpenSSH 2.2.0 Reviewed by: gshapiro, peter, green 2000-09-10 09:35:38 +00:00
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#MaxStartups 10`
			`# no default banner path`
			`#Banner /some/path`
			`#VerifyReverseMapping no`
Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
Fix conflicts. 2002-03-18 10:09:43 +00:00			`# override default of no subsystems`
Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00			`Subsystem sftp /usr/libexec/sftp-server`