diff options
| author |   markus <markus@openbsd.org> | 2001-05-31 13:08:04 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 2001-05-31 13:08:04 +0000 |
| commit | 2c8b9ab814e5314c18f12ed1e62e32863b95409c (patch) | |
| tree | 98dc5a01e72755627cf1f955f427a62f9f1ffccd | |
| parent | undo the .c file split, just merge the header and keep the cvs history (diff) | |
| download | wireguard-openbsd-2c8b9ab814e5314c18f12ed1e62e32863b95409c.tar.xz wireguard-openbsd-2c8b9ab814e5314c18f12ed1e62e32863b95409c.zip | |
group options and add some more comments
| -rw-r--r-- | usr.bin/ssh/sshd_config | 49 |
1 files changed, 28 insertions, 21 deletions
diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config index 4cfecdc637d..a5fd368f019 100644 --- a/usr.bin/ssh/sshd_config +++ b/usr.bin/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.39 2001/05/20 17:20:36 markus Exp $ +# $OpenBSD: sshd_config,v 1.40 2001/05/31 13:08:04 markus Exp $ # This is the sshd server system-wide configuration file. See sshd(8) # for more information. @@ -7,41 +7,43 @@ Port 22 #Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress :: + +# HostKey for protocol version 1 HostKey /etc/ssh_host_key +# HostKeys for protocol version 2 HostKey /etc/ssh_host_rsa_key HostKey /etc/ssh_host_dsa_key -ServerKeyBits 768 -LoginGraceTime 600 + +# Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 -PermitRootLogin yes -# -# Don't read ~/.rhosts and ~/.shosts files -IgnoreRhosts yes -# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication -#IgnoreUserKnownHosts yes -StrictModes yes -X11Forwarding no -X11DisplayOffset 10 -PrintMotd yes -#PrintLastLog no -KeepAlive yes +ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel INFO #obsoletes QuietMode and FascistLogging +# Authentication: + +LoginGraceTime 600 +PermitRootLogin yes +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys +#AuthorizedKeysFile2 %h/.ssh/authorized_keys2 + +# rhosts authentication should not be used RhostsAuthentication no -# +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no -# -RSAAuthentication yes -PubkeyAuthentication yes -#AuthorizedKeysFile %h/.ssh/authorized_keys -#AuthorizedKeysFile2 %h/.ssh/authorized_keys2 +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes @@ -59,6 +61,11 @@ PermitEmptyPasswords no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes +X11Forwarding no +X11DisplayOffset 10 +PrintMotd yes +#PrintLastLog no +KeepAlive yes #CheckMail yes #UseLogin no |