2 # Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
4 # Configuration file for sshd(1m) (see also sshd_config(4))
7 # Protocol versions supported
9 # The sshd shipped in this release of Solaris has support for major versions
10 # 1 and 2. It is recommended due to security weaknesses in the v1 protocol
11 # that sites run only v2 if possible. Support for v1 is provided to help sites
12 # with existing ssh v1 clients/servers to transition.
13 # Support for v1 may not be available in a future release of Solaris.
15 # To enable support for v1 an RSA1 key must be created with ssh-keygen(1).
16 # RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they
17 # do not already exist, RSA1 keys for protocol v1 are not automatically created.
19 # Uncomment ONLY ONE of the following Protocol statements.
21 # Only v2 (recommended)
24 # Both v1 and v2 (not recommended)
27 # Only v1 (not recommended)
30 # Listen port (the IANA registered port number for ssh is 22)
33 # The default listen address is all interfaces, this may need to be changed
34 # if you wish to restrict the interfaces sshd listens on for a multi homed host.
35 # Multiple ListenAddress entries are allowed.
38 #ListenAddress 0.0.0.0
42 # If port forwarding is enabled (default), specify if the server can bind to
44 # This allows the local port forwarding to work when connections are received
45 # from any remote host.
48 # X11 tunneling options
53 # The maximum number of concurrent unauthenticated connections to sshd.
54 # start:rate:full see sshd(1) for more information.
55 # The default is 10 unauthenticated clients.
58 # Banner to be printed before authentication starts.
61 # Should sshd print the /etc/motd file and check for mail.
62 # On Solaris it is assumed that the login shell will do these (eg /etc/profile).
65 # KeepAlive specifies whether keep alive messages are sent to the client.
66 # See sshd(1) for detailed description of what this means.
67 # Note that the client may also be sending keep alive messages to the server.
70 # Syslog facility and level
75 # Authentication configuration
78 # Host private key files
79 # Must be on a local disk and readable only by the root user (root:sys 600).
80 HostKey /etc/ssh/ssh_host_rsa_key
81 HostKey /etc/ssh/ssh_host_dsa_key
83 # Length of the server key
84 # Default 768, Minimum 512
87 # sshd regenerates the key every KeyRegenerationInterval seconds.
88 # The key is never stored anywhere except the memory of sshd.
89 # The default is 1 hour (3600 seconds).
90 KeyRegenerationInterval 3600
92 # Ensure secure permissions on users .ssh directory.
95 # Length of time in seconds before a client that hasn't completed
96 # authentication is disconnected.
97 # Default is 600 seconds. 0 means no time limit.
100 # Maximum number of retries for authentication
101 # Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
105 # Are logins to accounts with empty passwords allowed.
106 # If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK
107 # to pam_authenticate(3PAM).
108 PermitEmptyPasswords no
110 # To disable tunneled clear text passwords, change PasswordAuthentication to no.
111 PasswordAuthentication yes
113 # Are root logins permitted using sshd.
114 # Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
115 # maybe denied access by a PAM module regardless of this setting.
116 # Valid options are yes, without-password, no.
120 Subsystem sftp internal-sftp
123 # SSH protocol v1 specific options
125 # The following options only apply to the v1 protocol and provide
126 # some form of backwards compatibility with the very weak security
127 # of /usr/bin/rsh. Their use is not recommended and the functionality
128 # will be removed when support for v1 protocol is removed.
130 # Should sshd use .rhosts and .shosts for password less authentication.
132 RhostsAuthentication no
134 # Rhosts RSA Authentication
135 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.
136 # If the user on the client side is not root then this won't work on
137 # Solaris since /usr/bin/ssh is not installed setuid.
138 RhostsRSAAuthentication no
140 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
141 #IgnoreUserKnownHosts yes
143 # Is pure RSA authentication allowed.
145 RSAAuthentication yes