      1 #
      2 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
      3 # Use is subject to license terms.
      4 #
      5 # Configuration file for sshd(1m) (see also sshd_config(4))
      6 
      7 # Protocol versions supported
      8 #
      9 # The sshd shipped in this release of Solaris supports major protocol versions
     10 # 1 and 2.  Because of known cryptographic weaknesses in the v1 protocol, sites
     11 # should run only v2 wherever possible.  Support for v1 is provided solely to
     12 # help sites with existing ssh v1 clients/servers transition, and it may not
     13 # be available in a future release of Solaris.
     14 #
     15 # To enable support for v1 an RSA1 host key must be created with ssh-keygen(1).
     16 # RSA and DSA host keys for protocol v2 are created by /etc/init.d/sshd if they
     17 # do not already exist; RSA1 keys for protocol v1 are never created automatically.
     18 
     19 # Uncomment ONLY ONE of the following Protocol statements.
     20 
     21 # Only v2 (recommended)
     22 Protocol 2
     23 
     24 # Both v1 and v2 (not recommended)
     25 #Protocol 2,1
     26 
     27 # Only v1 (not recommended)
     28 #Protocol 1
     29 
     30 # Listen port (the IANA registered port number for ssh is 22)
     31 Port 22
     32 
     33 # The default listen address is all interfaces, this may need to be changed
     34 # if you wish to restrict the interfaces sshd listens on for a multi homed host.
     35 # Multiple ListenAddress entries are allowed.
     36 
     37 # IPv4 only
     38 #ListenAddress 0.0.0.0
     39 # IPv4 & IPv6
     40 ListenAddress ::
     41 
     42 # If port forwarding is enabled (default), specify whether the server may bind
     43 # ports forwarded for the client (remote forwards) to INADDR_ANY rather than to
     44 # the loopback address.  "yes" lets any remote host connect to those forwarded
     45 # ports; leave it at "no" unless that exposure is intended.
     46 GatewayPorts no
     47 
     48 # X11 tunneling options (enabled below; prefer X11Forwarding no on hosts that do not need it, since it exposes the client's display to this server).
     49 X11Forwarding yes
     50 X11DisplayOffset 10
     51 X11UseLocalhost yes
     52 
     53 # The maximum number of concurrent unauthenticated connections to sshd.
     54 # start:rate:full - beyond "start" pending connections new ones are refused with
     55 # probability rate%, reaching 100% at "full"; see sshd(1m).  The default is 10.
     56 #MaxStartups 10:30:60
     57 
     58 # Banner to be printed before authentication starts.
     59 #Banner /etc/issue
     60 
     61 # Should sshd print the /etc/motd file and check for mail.
     62 # On Solaris it is assumed that the login shell will do these (eg /etc/profile).
     63 PrintMotd no
     64 
     65 # KeepAlive specifies whether keep alive messages are sent to the client.
     66 # See sshd(1) for detailed description of what this means.
     67 # Note that the client may also be sending keep alive messages to the server.
     68 KeepAlive yes
     69 
     70 # Syslog facility and level 
     71 SyslogFacility auth
     72 LogLevel info
     73 
     74 #
     75 # Authentication configuration
     76 # 
     77 
     78 # Host private key files.  Anyone who can read them can impersonate this host.
     79 # Must be on a local disk and readable only by the root user (root:sys 600).
     80 HostKey /etc/ssh/ssh_host_rsa_key
     81 HostKey /etc/ssh/ssh_host_dsa_key
     82 
     83 # Length of the server key (protocol v1 only; inert while Protocol 2 is selected)
     84 # Default 768, Minimum 512
     85 ServerKeyBits 768
     86 
     87 # sshd regenerates the protocol v1 server key every KeyRegenerationInterval seconds.
     88 # The key is never stored anywhere except the memory of sshd.
     89 # The default is 1 hour (3600 seconds).
     90 KeyRegenerationInterval 3600
     91 
     92 # Check ownership and modes of the user's home directory and ~/.ssh files before accepting a login; keep this on.
     93 StrictModes yes
     94 
     95 # Length of time in seconds before a client that hasn't completed authentication
     96 # is disconnected.  Default is 600 seconds; 0 means no time limit.  Note that with
     97 # MaxStartups at its default of 10 (above), a few idle connections can hold every unauthenticated slot for this long; consider lowering it.
     98 LoginGraceTime 600
     99 
    100 # Maximum number of retries for authentication
    101 # Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
    102 MaxAuthTries	6
    103 MaxAuthTriesLog	3
    104 
    105 # Are logins to accounts with empty passwords allowed.
    106 # If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK 
    107 # to pam_authenticate(3PAM).
    108 PermitEmptyPasswords no
    109 
    110 # To disable tunneled clear text passwords, change PasswordAuthentication to no; PAMAuthenticationViaKBDInt (below) must also be no, or PAM may still prompt for a password.
    111 PasswordAuthentication yes
    112 
    113 # Use PAM via keyboard interactive method for authentication.
    114 # Depending on the setup of pam.conf(4) this may allow tunneled clear text
    115 # passwords even when PasswordAuthentication is set to no. This is dependent
    116 # on what the individual modules request and is out of the control of sshd
    117 # or the protocol.
    118 PAMAuthenticationViaKBDInt yes
    119 
    120 # Are root logins permitted using sshd.
    121 # Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
    122 # maybe denied access by a PAM module regardless of this setting.
    123 # Valid options are yes, without-password (root may log in only with non-password methods such as public keys), no.
    124 PermitRootLogin no
    125 
    126 # sftp subsystem
    127 Subsystem	sftp	internal-sftp
    128 
    129 
    130 # SSH protocol v1 specific options
    131 #
    132 # The following options only apply to the v1 protocol and provide
    133 # some form of backwards compatibility with the very weak security
    134 # of /usr/bin/rsh.  Their use is not recommended, they are inert while Protocol 2
    135 # is selected above, and they will be removed along with v1 protocol support.
    136 
    137 # Should sshd consult users' .rhosts and .shosts files for passwordless host-based authentication (IgnoreRhosts yes also disables them for RhostsRSAAuthentication).
    138 IgnoreRhosts yes
    139 RhostsAuthentication no
    140 
    141 # Rhosts RSA Authentication
    142 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.
    143 # If the user on the client side is not root then this won't work on
    144 # Solaris since /usr/bin/ssh is not installed setuid.
    145 RhostsRSAAuthentication no
    146 
    147 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
    148 #IgnoreUserKnownHosts yes
    149 
    150 # Is pure RSA authentication allowed.  Protocol v1 only; v2 public-key logins are
    151 # governed by PubkeyAuthentication, which this file leaves at its default.  Default is yes.
    152 RSAAuthentication yes
    153