88ec7d3792
note that official openssh distribution have already dropped kerberosIV support, therefore maintenance cost needs to be paid by us. and have no intent to help.
90 lines
2.2 KiB
Plaintext
90 lines
2.2 KiB
Plaintext
# $NetBSD: sshd_config,v 1.18 2003/07/24 15:31:56 itojun Exp $
|
|
# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
|
|
|
|
# This is the sshd server system-wide configuration file. See
|
|
# sshd_config(5) for more information.
|
|
|
|
# The strategy used for options in the default sshd_config shipped with
|
|
# OpenSSH is to specify options with their default value where
|
|
# possible, but leave them commented. Uncommented options change a
|
|
# default value.
|
|
|
|
#Port 22
|
|
#Protocol 2,1
|
|
#ListenAddress 0.0.0.0
|
|
#ListenAddress ::
|
|
|
|
# HostKey for protocol version 1
|
|
#HostKey /etc/ssh/ssh_host_key
|
|
# HostKeys for protocol version 2
|
|
#HostKey /etc/ssh/ssh_host_rsa_key
|
|
#HostKey /etc/ssh/ssh_host_dsa_key
|
|
|
|
# Lifetime and size of ephemeral version 1 server key
|
|
#KeyRegenerationInterval 3600
|
|
#ServerKeyBits 768
|
|
|
|
# Logging
|
|
#obsoletes QuietMode and FascistLogging
|
|
#SyslogFacility AUTH
|
|
#LogLevel INFO
|
|
|
|
# Authentication:
|
|
|
|
#LoginGraceTime 120
|
|
#PermitRootLogin no
|
|
#StrictModes yes
|
|
|
|
#RSAAuthentication yes
|
|
#PubkeyAuthentication yes
|
|
#AuthorizedKeysFile .ssh/authorized_keys
|
|
|
|
# rhosts authentication should not be used
|
|
#RhostsAuthentication no
|
|
# Don't read the user's ~/.rhosts and ~/.shosts files
|
|
#IgnoreRhosts yes
|
|
#IgnoreRootRhosts yes
|
|
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
|
#RhostsRSAAuthentication no
|
|
# similar for protocol version 2
|
|
#HostbasedAuthentication no
|
|
# Change to yes if you don't trust ~/.ssh/known_hosts for
|
|
# RhostsRSAAuthentication and HostbasedAuthentication
|
|
#IgnoreUserKnownHosts no
|
|
|
|
# To disable tunneled clear text passwords, change to no here!
|
|
#PasswordAuthentication yes
|
|
#PermitEmptyPasswords no
|
|
|
|
# Change to no to disable s/key passwords
|
|
#ChallengeResponseAuthentication yes
|
|
|
|
# Kerberos options
|
|
#KerberosAuthentication no
|
|
#KerberosOrLocalPasswd yes
|
|
#KerberosTicketCleanup yes
|
|
|
|
#AFSTokenPassing no
|
|
|
|
# Kerberos TGT Passing only works with the AFS kaserver
|
|
#KerberosTgtPassing no
|
|
|
|
#X11Forwarding no
|
|
#X11DisplayOffset 10
|
|
#X11UseLocalhost yes
|
|
#PrintMotd yes
|
|
#PrintLastLog yes
|
|
#KeepAlive yes
|
|
#UseLogin no
|
|
#UsePrivilegeSeparation yes
|
|
#PermitUserEnvironment no
|
|
#Compression yes
|
|
|
|
#MaxStartups 10
|
|
# no default banner path
|
|
#Banner /some/path
|
|
#VerifyReverseMapping no
|
|
|
|
# override default of no subsystems
|
|
Subsystem sftp /usr/libexec/sftp-server
|