freebsd-dev/crypto/openssh/sshd_config

#	$OpenBSD: src/usr.bin/ssh/sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $
# $FreeBSD$

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20020402

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 120
#PermitRootLogin no
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# AFSTokenPassing automatically enabled if k_hasafs() is true
#AFSTokenPassing yes

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#CheckMail yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem	sftp	/usr/libexec/sftp-server
Fix conflicts. 2002-03-18 10:09:43 +00:00			`# $OpenBSD: src/usr.bin/ssh/sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $`
Usual after-import fixup of SCM IDs. 2002-05-01 22:39:53 +00:00			`# $FreeBSD$`
Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
			`# This is the sshd server system-wide configuration file. See sshd(8)`
			`# for more information.`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
Fix conflicts. 2002-03-18 10:09:43 +00:00			`# The strategy used for options in the default sshd_config shipped with`
			`# OpenSSH is to specify options with their default value where`
			`# possible, but leave them commented. Uncommented options change a`
			`# default value.`

			`# Note that some of FreeBSD's defaults differ from OpenBSD's, and`
			`# FreeBSD has a few additional options.`

Change the FreeBSD version addendum to "FreeBSD-20020402". This shortens the version string to 28 characters, which is below the 40-character limit specified in the proposed SECSH standard. Some servers, however (like the one built into the Foundry BigIron line of switches) will hang when confronted with a version string longer than 24 characters, so some users may need to shorten it further. Sponsored by: DARPA, NAI Labs 2002-04-02 21:53:54 +00:00			`#VersionAddendum FreeBSD-20020402`
Fix conflicts. 2002-03-18 10:09:43 +00:00
			`#Port 22`
Resolve conflicts and update for FreeBSD. 2000-05-15 05:24:25 +00:00			`#Protocol 2,1`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00			`#ListenAddress 0.0.0.0`
			`#ListenAddress ::`
Fix conflicts. 2002-03-18 10:09:43 +00:00
			`# HostKey for protocol version 1`
			`#HostKey /etc/ssh/ssh_host_key`
			`# HostKeys for protocol version 2`
			`#HostKey /etc/ssh/ssh_host_rsa_key`
			`#HostKey /etc/ssh/ssh_host_dsa_key`

			`# Lifetime and size of ephemeral version 1 server key`
			`#KeyRegenerationInterval 3600`
			`#ServerKeyBits 768`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
			`# Logging`
			`#obsoletes QuietMode and FascistLogging`
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#SyslogFacility AUTH`
			`#LogLevel INFO`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
Fix conflicts. 2002-03-18 10:09:43 +00:00			`# Authentication:`

			`#LoginGraceTime 120`
			`#PermitRootLogin no`
			`#StrictModes yes`

			`#RSAAuthentication yes`
			`#PubkeyAuthentication yes`
			`#AuthorizedKeysFile .ssh/authorized_keys`

			`# rhosts authentication should not be used`
			`#RhostsAuthentication no`
			`# Don't read the user's ~/.rhosts and ~/.shosts files`
			`#IgnoreRhosts yes`
			`# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts`
			`#RhostsRSAAuthentication no`
Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00			`# similar for protocol version 2`
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#HostbasedAuthentication no`
			`# Change to yes if you don't trust ~/.ssh/known_hosts for`
			`# RhostsRSAAuthentication and HostbasedAuthentication`
			`#IgnoreUserKnownHosts no`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
			`# To disable tunneled clear text passwords, change to no here!`
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#PasswordAuthentication yes`
			`#PermitEmptyPasswords no`
Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
Back out previous commit. 2002-04-25 16:53:25 +00:00			`# Change to no to disable s/key passwords`
			`#ChallengeResponseAuthentication yes`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
Fix conflicts. 2002-03-18 10:09:43 +00:00			`# Kerberos options`
			`# KerberosAuthentication automatically enabled if keyfile exists`
			`#KerberosAuthentication yes`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00			`#KerberosOrLocalPasswd yes`
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#KerberosTicketCleanup yes`

			`# AFSTokenPassing automatically enabled if k_hasafs() is true`
			`#AFSTokenPassing yes`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
Fix conflicts. 2002-03-18 10:09:43 +00:00			`# Kerberos TGT Passing only works with the AFS kaserver`
			`#KerberosTgtPassing no`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#X11Forwarding yes`
			`#X11DisplayOffset 10`
			`#X11UseLocalhost yes`
			`#PrintMotd yes`
			`#PrintLastLog yes`
			`#KeepAlive yes`
Vendor import of OpenSSH. 2000-02-24 14:29:47 +00:00			`#UseLogin no`
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#CheckMail yes`
Resolve conflicts and update for OpenSSH 2.2.0 Reviewed by: gshapiro, peter, green 2000-09-10 09:35:38 +00:00
Fix conflicts. 2002-03-18 10:09:43 +00:00			`#MaxStartups 10`
			`# no default banner path`
			`#Banner /some/path`
			`#VerifyReverseMapping no`
Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00
Fix conflicts. 2002-03-18 10:09:43 +00:00			`# override default of no subsystems`
Fix conflicts for OpenSSH 2.9. 2001-05-04 04:14:23 +00:00			`Subsystem sftp /usr/libexec/sftp-server`