Table 2. Setting Parameters in sshd_config
Parameter Possible Values Description
Port number (Default=22) TCP port the dæmon
should listen on. Being able to change
this is handy when using Port Address
Translation to allow several hosts to
hide behind the same IP address
PermitRootLogin yes no Whether to accept root logins.
This is best set to "No";
administrators
should connect the server with
unprivileged accounts, and
then "su" to root
PasswordAuthentication yes no (Default=yes)Whether
to allow (encrypted) username/password
authentication or to insist on DSA- or
RSA-key-based authentication
PermitEmptyPasswords yes no (Default=no)Whether to
allow accounts to log in whose system
password is empty. Does not apply if
PasswordAuthentication=no; also, does not
apply to passphrase of DSA or RSA keys
(i.e., null passwords on keys is O.K.)
X11Forwarding yes no (Default=no)Whether to allow clients to
run X-Windows applications over the ssh tunnel.
There really is nothing to be gained by
setting this to "no" here, since
sshd_config can't similarly disable
generic TCP forwaring (which can be used
to forward X11).