Attachment #2037 for bug #1895

View | Details | Raw Unified | Return to bug 1895
Collapse All | Expand All




#       $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
#
#       This is the sshd server system-wide configuration file. See
#       sshd_config(5) for more information.
#
#       This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
#       The strategy used for options in the default sshd_config
#       shipped with OpenSSH is to specify options with their default
#       value where possible, but leave them commented. Uncommented
#       options change a default value.

############################################################################
#       General
############################################################################

#       Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#       The default requires explicit activation of protocol 1
#Protocol 2

#       HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key

#       HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

#       Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

############################################################################
#       Logging
############################################################################

#       obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

############################################################################
#       Authentication
############################################################################

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

#       For this to work you will also need host keys in
#       /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no

#       similar for protocol version 2
#HostbasedAuthentication no

#       Change to yes if you don't trust ~/.ssh/known_hosts for
#       RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

#       Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

#       To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

#       Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

#       Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

#       GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

############################################################################
#       Miscellaneous
############################################################################

#     Set this to 'yes' to enable PAM authentication, account processing,
#     and session processing. If this is enabled, PAM authentication will
#     be allowed through the ChallengeResponseAuthentication and
#     PasswordAuthentication.  Depending on your PAM configuration,
#     PAM authentication via ChallengeResponseAuthentication may bypass
#     the setting of "PermitRootLogin without-password".
#     If you just want the PAM account and session checks to run without
#     PAM authentication, then enable this but set PasswordAuthentication
#     and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes

#PermitTunnel no
#ChrootDirectory none

#       No default banner path
#Banner none

#       Override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

############################################################################
#       Examples
############################################################################

#       Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server

#       Example of permitting root login only from local LAN
#Match Address 192.168.1.0/26
#      PermitRootLogin yes

# End of file
- 

Return to bug 1895

Lines 1-87 Link Here

(-)a/sshd_config (-48 / +73 lines)
1	# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $	1	# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
2		2	#
3	# This is the sshd server system-wide configuration file. See	3	# This is the sshd server system-wide configuration file. See
4	# sshd_config(5) for more information.	4	# sshd_config(5) for more information.
5		5	#
6	# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin	6	# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
7		7	# The strategy used for options in the default sshd_config
8	# The strategy used for options in the default sshd_config shipped with	8	# shipped with OpenSSH is to specify options with their default
9	# OpenSSH is to specify options with their default value where	9	# value where possible, but leave them commented. Uncommented
10	# possible, but leave them commented. Uncommented options change a	10	# options change a default value.
11	# default value.	11
12		12	############################################################################
13	#Port 22	13	# General
		14	############################################################################
		15
		16	# Port 22
14	#AddressFamily any	17	#AddressFamily any
15	#ListenAddress 0.0.0.0	18	#ListenAddress 0.0.0.0
16	#ListenAddress ::	19	#ListenAddress ::
17		20
18	# The default requires explicit activation of protocol 1	21	# The default requires explicit activation of protocol 1
19	#Protocol 2	22	#Protocol 2
20		23
21	# HostKey for protocol version 1	24	# HostKey for protocol version 1
22	#HostKey /etc/ssh/ssh_host_key	25	#HostKey /etc/ssh/ssh_host_key
23	# HostKeys for protocol version 2	26
		27	# HostKeys for protocol version 2
24	#HostKey /etc/ssh/ssh_host_rsa_key	28	#HostKey /etc/ssh/ssh_host_rsa_key
25	#HostKey /etc/ssh/ssh_host_dsa_key	29	#HostKey /etc/ssh/ssh_host_dsa_key
26	#HostKey /etc/ssh/ssh_host_ecdsa_key	30	#HostKey /etc/ssh/ssh_host_ecdsa_key
27		31
28	# Lifetime and size of ephemeral version 1 server key	32	# Lifetime and size of ephemeral version 1 server key
29	#KeyRegenerationInterval 1h	33	#KeyRegenerationInterval 1h
30	#ServerKeyBits 1024	34	#ServerKeyBits 1024
31		35
32	# Logging	36	############################################################################
33	# obsoletes QuietMode and FascistLogging	37	# Logging
		38	############################################################################
		39
		40	# obsoletes QuietMode and FascistLogging
34	#SyslogFacility AUTH	41	#SyslogFacility AUTH
35	#LogLevel INFO	42	#LogLevel INFO
36		43
37	# Authentication:	44	############################################################################
		45	# Authentication
		46	############################################################################
38		47
39	#LoginGraceTime 2m	48	#LoginGraceTime 2m
40	#PermitRootLogin yes	49	#PermitRootLogin yes
41	#StrictModes yes	50	#StrictModes yes
42	#MaxAuthTries 6	51	#MaxAuthTries 6
43	#MaxSessions 10	52	#MaxSessions 10
44
45	#RSAAuthentication yes	53	#RSAAuthentication yes
46	#PubkeyAuthentication yes	54	#PubkeyAuthentication yes
47	#AuthorizedKeysFile .ssh/authorized_keys	55	#AuthorizedKeysFile .ssh/authorized_keys
48		56
49	# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts	57	# For this to work you will also need host keys in
		58	# /etc/ssh/ssh_known_hosts
50	#RhostsRSAAuthentication no	59	#RhostsRSAAuthentication no
51	# similar for protocol version 2	60
		61	# similar for protocol version 2
52	#HostbasedAuthentication no	62	#HostbasedAuthentication no
53	# Change to yes if you don't trust ~/.ssh/known_hosts for	63
54	# RhostsRSAAuthentication and HostbasedAuthentication	64	# Change to yes if you don't trust ~/.ssh/known_hosts for
		65	# RhostsRSAAuthentication and HostbasedAuthentication
55	#IgnoreUserKnownHosts no	66	#IgnoreUserKnownHosts no
56	# Don't read the user's ~/.rhosts and ~/.shosts files	67
		68	# Don't read the user's ~/.rhosts and ~/.shosts files
57	#IgnoreRhosts yes	69	#IgnoreRhosts yes
58		70
59	# To disable tunneled clear text passwords, change to no here!	71	# To disable tunneled clear text passwords, change to no here!
60	#PasswordAuthentication yes	72	#PasswordAuthentication yes
61	#PermitEmptyPasswords no	73	#PermitEmptyPasswords no
62		74
63	# Change to no to disable s/key passwords	75	# Change to no to disable s/key passwords
64	#ChallengeResponseAuthentication yes	76	#ChallengeResponseAuthentication yes
65		77
66	# Kerberos options	78	# Kerberos options
67	#KerberosAuthentication no	79	#KerberosAuthentication no
68	#KerberosOrLocalPasswd yes	80	#KerberosOrLocalPasswd yes
69	#KerberosTicketCleanup yes	81	#KerberosTicketCleanup yes
70	#KerberosGetAFSToken no	82	#KerberosGetAFSToken no
71		83
72	# GSSAPI options	84	# GSSAPI options
73	#GSSAPIAuthentication no	85	#GSSAPIAuthentication no
74	#GSSAPICleanupCredentials yes	86	#GSSAPICleanupCredentials yes
75		87
76	# Set this to 'yes' to enable PAM authentication, account processing,	88	############################################################################
77	# and session processing. If this is enabled, PAM authentication will	89	# Miscellaneous
78	# be allowed through the ChallengeResponseAuthentication and	90	############################################################################
79	# PasswordAuthentication. Depending on your PAM configuration,	91
80	# PAM authentication via ChallengeResponseAuthentication may bypass	92	# Set this to 'yes' to enable PAM authentication, account processing,
81	# the setting of "PermitRootLogin without-password".	93	# and session processing. If this is enabled, PAM authentication will
82	# If you just want the PAM account and session checks to run without	94	# be allowed through the ChallengeResponseAuthentication and
83	# PAM authentication, then enable this but set PasswordAuthentication	95	# PasswordAuthentication. Depending on your PAM configuration,
84	# and ChallengeResponseAuthentication to 'no'.	96	# PAM authentication via ChallengeResponseAuthentication may bypass
		97	# the setting of "PermitRootLogin without-password".
		98	# If you just want the PAM account and session checks to run without
		99	# PAM authentication, then enable this but set PasswordAuthentication
		100	# and ChallengeResponseAuthentication to 'no'.
85	#UsePAM no	101	#UsePAM no
86		102
87	#AllowAgentForwarding yes	103	#AllowAgentForwarding yes
Lines 105-118 Link Here
105	#PermitTunnel no	121	#PermitTunnel no
106	#ChrootDirectory none	122	#ChrootDirectory none
107		123
108	# no default banner path	124	# No default banner path
109	#Banner none	125	#Banner none
110		126
111	# override default of no subsystems	127	# Override default of no subsystems
112	Subsystem sftp /usr/libexec/sftp-server	128	Subsystem sftp /usr/libexec/sftp-server
113		129
114	# Example of overriding settings on a per-user basis	130	############################################################################
		131	# Examples
		132	############################################################################
		133
		134	# Example of overriding settings on a per-user basis
115	#Match User anoncvs	135	#Match User anoncvs
116	# X11Forwarding no	136	# X11Forwarding no
117	# AllowTcpForwarding no	137	# AllowTcpForwarding no
118	# ForceCommand cvs server	138	# ForceCommand cvs server
		139
		140	# Example of permitting root login only from local LAN
		141	#Match Address 192.168.1.0/26
		142	# PermitRootLogin yes
		143
		144	# End of file
119	-