# This is ssh server systemwide configuration file.
#
# sshd_config
# Last Update: sean/16.2.00
#
# NOTE(review): the directive set below (RandomSeed, ServerKeyBits,
# KeyRegenerationInterval, RhostsRSAAuthentication, FascistLogging) looks like
# an SSH protocol 1 era daemon. Protocol 1 is obsolete and current OpenSSH no
# longer implements it; treat this file as a legacy reference and confirm
# which daemon actually reads it before reusing any setting.
# One directive per line; comments go on their own line.

# Port is commented out, so the daemon's built-in default port applies.
#Port 22
# 0.0.0.0 binds the listener on every IPv4 interface of the host.
# NOTE(review): on a multi-homed host, consider binding only the management
# address instead.
ListenAddress 0.0.0.0
HostKey /etc/ssh_host_key
RandomSeed /etc/ssh_random_seed
PidFile /etc/sshd.pid
# NOTE(review): 768 bits is far below current RSA key-size guidance.
# Presumably this is the protocol 1 ephemeral server key, which
# KeyRegenerationInterval below rotates; confirm in the daemon's man page.
ServerKeyBits 768
# Time allowed for a connection to finish authenticating.
# NOTE(review): presumably seconds. A shorter window limits how long
# unauthenticated connections can hold a slot.
LoginGraceTime 180
# Interval between server key regenerations (presumably seconds; confirm).
KeyRegenerationInterval 3600
KeepAlive yes
#umask
#IdleTimeout time
# NOTE(review): X11 forwarding is on for every user. Disable it unless
# remote GUI sessions are a requirement.
X11Forwarding yes
#X11DisplayOffset 10
#XAuthLocation

# Check permissions of important files/dirs:
StrictModes yes

####### logging #####
# Logging level?
#QuietMode no
#FascistLogging no
# Log to authlog rather than the general daemonlog:
SyslogFacility AUTH
#SyslogFacility DAEMON
# OpenSSH only:
#LogLevel INFO
#SilentDeny
## Avoid double banner:
PrintMotd no
#CheckMail yes
CheckMail no

########## Trust ########
# .rhosts, .shosts ignored?
# /etc/hosts.equiv and /etc/shosts.equiv are still used
# NOTE(review): "no" means per-user .rhosts/.shosts files are honoured. With
# RhostsRSAAuthentication enabled below, each user can then extend host-based
# trust from a file they control. Setting this to "yes" would leave only the
# administrator-owned /etc/hosts.equiv and /etc/shosts.equiv in effect.
IgnoreRhosts no
#IgnoreRootRhosts
# authentication using rhosts or /etc/hosts.equiv
# Plain rhosts trust (no host key check) stays disabled.
RhostsAuthentication no
# authentication using rhosts + RSA host auth
# The host must be known (ssh_known_hosts) and be in .[sr]hosts
# NOTE(review): host-based trust is only as strong as the integrity of every
# trusted client host and its host key. Keep the trusted set small and audit
# ssh_known_hosts and the equiv files.
RhostsRSAAuthentication yes
# Allow login with pure RSA public/private keys?
# (will circumvent UNIX login)
# NOTE(review): user public-key login is disabled while password login is
# enabled below, so interactive access depends on password strength. Confirm
# this trade-off against site policy.
RSAAuthentication no

########## login ########
#ForcedEmptyPasswdChange no
#ForcedPasswdChange yes
#KerberosAuthentication
#KerberosOrLocalPasswd
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing
#AFSTokenPassing no
#KerberosTicketCleanup no
#TISAuthentication
#OpenSSH: Uncomment to disable s/key passwords
#SkeyAuthentication no
#AccountExpireWarningDays
#PasswordExpireWarningDays
# Allow login with UNIX password?
# NOTE(review): password login is reachable on every interface
# (ListenAddress 0.0.0.0), and this file also sets PermitRootLogin yes.
# Watch the AUTH syslog facility for repeated authentication failures.
PasswordAuthentication yes
# Should logins be allowed with empty passwords?
# Accounts with an empty password cannot log in over ssh.
PermitEmptyPasswords no
#yes, no, nopwd (disables password-authenticated root logins)
# NOTE(review): "yes" allows direct root login, including by password, since
# this file also sets PasswordAuthentication yes. Of the values listed above,
# "no" or "nopwd" is the safer choice. Confirm that administrators have
# another route to root (for example su from a personal account) before
# changing it.
PermitRootLogin yes

######## Access control #######
# Allow access from two trusted admin hosts
# NOTE(review): every AllowHosts/DenyHosts line below is commented out, so no
# host-based restriction is active and any client address may connect.
#AllowHosts 176.17.17.12 176.17.17.11
# AllowHosts *.our.com friend.other.com
# DenyHosts lowsecurity.theirs.com *.evil.org evil.org 195.*

# Restrict user groups
#AllowGroups
#DenyGroups

# Restrict users
#AllowUsers
#DenyUsers jim bill@host1
# Deny ssh login to system and service accounts.
# NOTE(review): a deny list must be kept in step with the accounts on the
# host. An AllowUsers or AllowGroups allow list fails closed when a new
# service account is added.
DenyUsers daemon bin sys lp uucp nuucp listen nobody noaccess nobody4 webproxy dns

# Which clients can access .shosts here?
#AllowSHosts
#DenySHosts

# OpenSSH: call login program?
#UseLogin no

# ssh-sdi options:
#SDIAuthentication yes/no : will enable or disable SDI Authentication
#SDICompatforcemode yes/no: will force the server, if SDIAuthentication is set
#                           to yes, and if the client has not tried
#                           SDIAuthentication, to accept a PasswordAuthentication
#                           (Even if it is set to no) but challenge the ace
#                           server with the password as the passcode.
#EOF