830N/A# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
830N/A# Use is subject to license terms.
830N/A# Configuration file for sshd(1m)
830N/A# Protocol versions supported
830N/A# The sshd shipped in this release of Solaris has support for major versions
830N/A# 1 and 2. It is recommended due to security weaknesses in the v1 protocol
830N/A# that sites run only v2 if possible. Support for v1 is provided to help sites
830N/A# Support for v1 may not be available in a future release of Solaris.
830N/A# To enable support for v1 an RSA1 key must be created with ssh-keygen(1).
830N/A# do not already exist, RSA1 keys for protocol v1 are not automatically created.
830N/A# Uncomment ONLY ONE of the following Protocol statements.
839N/A# Both v1 and v2 (not recommended)
830N/A# Listen port (the IANA registered port number for ssh is 22)
830N/A# The default listen address is all interfaces, this may need to be changed
830N/A# if you wish to restrict the interfaces sshd listens on for a multi homed host.
830N/A# Multiple ListenAddress entries are allowed.
830N/A# If port forwarding is enabled, specify if the server can bind to INADDR_ANY.
830N/A# This allows the local port forwarding to work when connections are received
830N/A# The maximum number of concurrent unauthenticated connections to sshd.
830N/A# start:rate:full see sshd(1) for more information.
830N/A# The default is 10 unauthenticated clients.
844N/A# Banner to be printed before authentication starts.
830N/A# KeepAlive specifies whether keep alive messages are sent to the client.
830N/A# See sshd(1) for detailed description of what this means.
902N/A# Note that the client may also be sending keep alive messages to the server.
854N/A# Syslog facility and level
1058N/A# Authentication configuration
1444N/A# Must be on a local disk and readable only by the root user (root:sys 600).
902N/A# Length of the server key
830N/A# Default 768, Minimum 512
830N/A# sshd regenerates the key every KeyRegenerationInterval seconds.
830N/A# The key is never stored anywhere except the memory of sshd.
830N/A# The default is 1 hour (3600 seconds).
830N/AKeyRegenerationInterval 3600
830N/A# Ensure secure permissions on users .ssh directory.
830N/A# Length of time in seconds before a client that hasn't completed
830N/A# authentication is disconnected.
830N/A# Default is 600 seconds. 0 means no time limit.
902N/A# Maximum number of retries for authentication
902N/A# Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
830N/A# Are logins to accounts with empty passwords allowed.
830N/A# If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK
830N/A# to pam_authenticate(3PAM).
830N/A# To disable tunneled clear text passwords, change PasswordAuthentication to no.
830N/APasswordAuthentication yes
830N/A# Use PAM via keyboard interactive method for authentication.
830N/A# Depending on the setup of
pam.conf(4) this may allow tunneled clear text
830N/A# passwords even when PasswordAuthentication is set to no. This is dependent
830N/A# on what the individual modules request and is out of the control of sshd
830N/APAMAuthenticationViaKBDInt yes
830N/A# Are root logins permitted using sshd.
830N/A# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
830N/A# maybe denied access by a PAM module regardless of this setting.
830N/A# Valid options are yes, without-password, no.
990N/A# SSH protocol v1 specific options
990N/A# The following options only apply to the v1 protocol and provide
990N/A# some form of backwards compatibility with the very weak security
990N/A# will be removed when support for v1 protocol is removed.
990N/A# Should sshd use .rhosts and .shosts for password less authentication.
990N/A# Rhosts RSA Authentication
990N/A# If the user on the client side is not root then this won't work on
830N/ARhostsRSAAuthentication no
830N/A# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
830N/A#IgnoreUserKnownHosts yes
830N/A# Is pure RSA authentication allowed.