Annotation of src/crypto/dist/ssh/sshd_config, Revision 1.2.2.3
1.2.2.3 ! he 1: # $NetBSD: sshd_config,v 1.2.2.2 2001/12/10 23:54:43 he Exp $
! 2: # $OpenBSD: sshd_config,v 1.42 2001/09/20 20:57:51 mouring Exp $
1.2.2.2 he 3:
4: # This is the sshd server system-wide configuration file. See sshd(8)
5: # for more information.
6:
7: Port 22
8: #Protocol 2,1
9: #ListenAddress 0.0.0.0
10: #ListenAddress ::
1.2.2.3 ! he 11:
! 12: # HostKey for protocol version 1
1.2.2.2 he 13: HostKey /etc/ssh_host_key
1.2.2.3 ! he 14: # HostKeys for protocol version 2
! 15: HostKey /etc/ssh_host_rsa_key
1.2.2.2 he 16: HostKey /etc/ssh_host_dsa_key
1.2.2.3 ! he 17:
! 18: # Lifetime and size of ephemeral version 1 server key
1.2.2.2 he 19: KeyRegenerationInterval 3600
1.2.2.3 ! he 20: ServerKeyBits 768
1.2.2.2 he 21:
22: # Logging
23: SyslogFacility AUTH
24: LogLevel INFO
25: #obsoletes QuietMode and FascistLogging
26:
1.2.2.3 ! he 27: # Authentication:
! 28:
! 29: LoginGraceTime 600
! 30: PermitRootLogin no
! 31: StrictModes yes
! 32:
! 33: RSAAuthentication yes
! 34: PubkeyAuthentication yes
! 35: #AuthorizedKeysFile %h/.ssh/authorized_keys
! 36:
! 37: # rhosts authentication should not be used
1.2.2.2 he 38: RhostsAuthentication no
1.2.2.3 ! he 39: # Don't read the user's ~/.rhosts and ~/.shosts files
! 40: IgnoreRhosts yes
! 41: IgnoreRootRhosts yes
1.2.2.2 he 42: # For this to work you will also need host keys in /etc/ssh_known_hosts
43: RhostsRSAAuthentication no
1.2.2.3 ! he 44: # similar for protocol version 2
! 45: HostbasedAuthentication no
! 46: # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
! 47: #IgnoreUserKnownHosts yes
1.2.2.2 he 48:
49: # To disable tunneled clear text passwords, change to no here!
50: PasswordAuthentication yes
51: PermitEmptyPasswords no
52:
53: # Uncomment to disable s/key passwords
54: #ChallengeResponseAuthentication no
55:
56: # To change Kerberos options
57: #KerberosAuthentication no
58: #KerberosOrLocalPasswd yes
59: #AFSTokenPassing no
60: #KerberosTicketCleanup no
61:
62: # Kerberos TGT Passing does only work with the AFS kaserver
63: #KerberosTgtPassing yes
64:
1.2.2.3 ! he 65: X11Forwarding no
! 66: X11DisplayOffset 10
! 67: PrintMotd yes
! 68: #PrintLastLog no
! 69: KeepAlive yes
1.2.2.2 he 70: #UseLogin no
71:
72: #MaxStartups 10:30:60
73: #Banner /etc/issue.net
74: #ReverseMappingCheck yes
75:
76: Subsystem sftp /usr/libexec/sftp-server
CVSweb <webmaster@jp.NetBSD.org>