# UTF-8 encoded

### TCP/IP ###
Port 22
AddressFamily inet
#ListenAddress 0.0.0.0
TCPKeepAlive yes

### SSH features ###
Protocol 2
Ciphers aes256-cbc,aes256-ctr
MACs hmac-md5,hmac-sha1,hmac-ripemd160
Compression delayed
ClientAliveInterval 10
ClientAliveCountMax 6

### File locations ###
HostKey /etc/ssh/ssh_host_rsa_key
AuthorizedKeysFile .ssh/authorized_keys
PidFile /var/run/sshd.pid

### Logging ###
SyslogFacility AUTH
LogLevel INFO

### Login features ###
Banner none
LoginGraceTime 30s
PrintMotd no
PrintLastLog no
UseLogin no

### Authentication ###
PasswordAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
HostbasedUsesNameFromPacketOnly no
IgnoreUserKnownHosts yes
IgnoreRhosts yes
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#UsePAM no

### Authorization and access control ###
PermitRootLogin yes
PermitEmptyPasswords no
DenyUsers bin httpd pgsql sshd
AllowUsers root
DenyGroups www sshd
#AllowGroups

### Subsystems ###
Subsystem sftp /bin/sftp-server

### Forwarding ###
AllowTcpForwarding no
GatewayPorts no
PermitTunnel no
#PermitOpen

### X11 forwarding ###
X11Forwarding no
X11DisplayOffset 10
X11UseLocalhost yes
#XAuthLocation

### SSH-1 only ###
#RSAAuthentication
#KeyRegenerationInterval
#ServerKeyBits

### Miscellaneous ###
MaxAuthTries 4
#AcceptEnv
PermitUserEnvironment no
UsePrivilegeSeparation yes
#UseDNS yes
MaxStartups 5
StrictModes yes
#ForceCommand
#Match