# SSH daemon configuration file.
#
# Some options are set even if they are default to document that they are
# important and to prevent upstream changes from affecting them.

# Copyright (C) 2013 Simon Ruderich
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This file is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this file. If not, see .


# Listen on port 22 (default).
Port 22

# Only use protocol 2. Protocol 1 is insecure. (default)
Protocol 2

# Use privilege separation for increased security.
UsePrivilegeSeparation yes

# Don't use PAM because it may circumvent other authentication methods used
# below (default).
UsePAM no
# Disable authentication methods I don't use.
ChallengeResponseAuthentication no
GSSAPIAuthentication no
HostbasedAuthentication no
KerberosAuthentication no
PasswordAuthentication no
# Only enable those I need.
PubkeyAuthentication yes

# Don't allow empty passwords (default).
PermitEmptyPasswords no
# Allow root-login only with public keys.
PermitRootLogin without-password

# Be strict when checking user file permissions (default).
StrictModes yes

# Don't accept any environment variables from the client (default).
AcceptEnv
# Don't use ~/.ssh/environment and environment= options in
# ~/.ssh/authorized_keys because LD_PRELOAD could be used to circumvent
# authentications (default).
PermitUserEnvironment no

# Enable sftp (and sshfs) usage.
Subsystem sftp internal-sftp

# Only allow logins for certain users.
AllowUsers root