github.com/ddev/ddev@v1.23.2-0.20240519125000-d824ffe36ff3/containers/test-ssh-server/files/etc/ssh/sshd_config (about) 1 # $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ 2 3 # This is the sshd server system-wide configuration file. See 4 # sshd_config(5) for more information. 5 6 # This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin 7 8 # OpenSSH is to specify options with their default value where 9 # possible, but leave them commented. Uncommented options override the 10 # default value. 11 12 Port 22 13 #AddressFamily any 14 #ListenAddress 0.0.0.0 15 #ListenAddress :: 16 17 HostKey /etc/ssh/ssh_host_rsa_key 18 HostKey /etc/ssh/ssh_host_dsa_key 19 HostKey /etc/ssh/ssh_host_ecdsa_key 20 HostKey /etc/ssh/ssh_host_ed25519_key 21 22 # Ciphers and keying 23 #RekeyLimit default none 24 25 # Logging 26 #SyslogFacility AUTH 27 #LogLevel INFO 28 29 # Authentication: 30 31 #LoginGraceTime 2m 32 PermitRootLogin yes 33 #StrictModes yes 34 #MaxAuthTries 6 35 #MaxSessions 10 36 37 #PubkeyAuthentication yes 38 39 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 40 # but this is overridden so installations will only check .ssh/authorized_keys 41 AuthorizedKeysFile .ssh/authorized_keys 42 43 #AuthorizedPrincipalsFile none 44 45 #AuthorizedKeysCommand none 46 #AuthorizedKeysCommandUser nobody 47 48 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 49 #HostbasedAuthentication no 50 # Change to yes if you don't trust ~/.ssh/known_hosts for 51 # HostbasedAuthentication 52 #IgnoreUserKnownHosts no 53 # Don't read the user's ~/.rhosts and ~/.shosts files 54 #IgnoreRhosts yes 55 56 # To disable tunneled clear text passwords, change to no here! 57 PasswordAuthentication no 58 #PermitEmptyPasswords no 59 60 # Change to no to disable s/key passwords 61 #ChallengeResponseAuthentication yes 62 63 # Kerberos options 64 #KerberosAuthentication no 65 #KerberosOrLocalPasswd yes 66 #KerberosTicketCleanup yes 67 #KerberosGetAFSToken no 68 69 # GSSAPI options 70 #GSSAPIAuthentication no 71 #GSSAPICleanupCredentials yes 72 73 # Set this to 'yes' to enable PAM authentication, account processing, 74 # and session processing. If this is enabled, PAM authentication will 75 # be allowed through the ChallengeResponseAuthentication and 76 # PasswordAuthentication. Depending on your PAM configuration, 77 # PAM authentication via ChallengeResponseAuthentication may bypass 78 # the setting of "PermitRootLogin without-password". 79 # If you just want the PAM account and session checks to run without 80 # PAM authentication, then enable this but set PasswordAuthentication 81 # and ChallengeResponseAuthentication to 'no'. 82 #UsePAM no 83 84 #AllowAgentForwarding yes 85 #AllowTcpForwarding yes 86 #GatewayPorts no 87 #X11Forwarding no 88 #X11DisplayOffset 10 89 #X11UseLocalhost yes 90 #PermitTTY yes 91 #PrintMotd yes 92 #PrintLastLog yes 93 #TCPKeepAlive yes 94 #UseLogin no 95 #UsePrivilegeSeparation sandbox 96 #PermitUserEnvironment no 97 #Compression delayed 98 #ClientAliveInterval 0 99 #ClientAliveCountMax 3 100 #UseDNS no 101 #PidFile /run/sshd.pid 102 #MaxStartups 10:30:100 103 #PermitTunnel no 104 #ChrootDirectory none 105 #VersionAddendum none 106 107 # no default banner path 108 #Banner none 109 110 # override default of no subsystems 111 Subsystem sftp /usr/lib/ssh/sftp-server 112 113 # Example of overriding settings on a per-user basis 114 #Match User anoncvs 115 # X11Forwarding no 116 # AllowTcpForwarding no 117 # PermitTTY no 118 # ForceCommand cvs server