Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ssh/Attic/sshd_config,v retrieving revision 1.1.1.7 retrieving revision 1.2 diff -u -p -r1.1.1.7 -r1.2 --- src/crypto/dist/ssh/Attic/sshd_config 2002/03/08 01:21:43 1.1.1.7 +++ src/crypto/dist/ssh/Attic/sshd_config 2001/02/07 17:05:35 1.2 @@ -1,87 +1,65 @@ -# $NetBSD: sshd_config,v 1.1.1.7 2002/03/08 01:21:43 itojun Exp $ -# $OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $ +# $NetBSD: sshd_config,v 1.2 2001/02/07 17:05:35 itojun Exp $ +# $OpenBSD: sshd_config,v 1.32 2001/02/06 22:07:50 deraadt Exp $ # This is the sshd server system-wide configuration file. See sshd(8) # for more information. -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a -# default value. - -#Port 22 +Port 22 #Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress :: - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 3600 -#ServerKeyBits 768 +HostKey /etc/ssh_host_key +HostKey /etc/ssh_host_dsa_key +#HostKey /etc/ssh_host_rsa_key +ServerKeyBits 768 +LoginGraceTime 600 +KeyRegenerationInterval 3600 +PermitRootLogin yes +# +# Don't read ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +IgnoreRootRhosts yes +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes +StrictModes yes +X11Forwarding no +X11DisplayOffset 10 +PrintMotd yes +KeepAlive yes # Logging +SyslogFacility AUTH +LogLevel INFO #obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -#LogLevel INFO -# Authentication: - -#LoginGraceTime 600 -#PermitRootLogin yes -#StrictModes yes - -#RSAAuthentication yes -#PubkeyAuthentication yes -#AuthorizedKeysFile .ssh/authorized_keys - -# rhosts authentication should not be used -#RhostsAuthentication no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -#IgnoreUserKnownHosts no +RhostsAuthentication no +# +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# +RSAAuthentication yes # To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no +PasswordAuthentication yes +PermitEmptyPasswords no -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes +# Uncomment to disable s/key passwords +#ChallengeResponseAuthentication no -# Kerberos options -# KerberosAuthentication automatically enabled if keyfile exists -#KerberosAuthentication yes +# To change Kerberos options +#KerberosAuthentication no #KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes - -# AFSTokenPassing automatically enabled if k_hasafs() is true -#AFSTokenPassing yes +#AFSTokenPassing no +#KerberosTicketCleanup no -# Kerberos TGT Passing only works with the AFS kaserver -#KerberosTgtPassing no +# Kerberos TGT Passing does only work with the AFS kaserver +#KerberosTgtPassing yes -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PrintMotd yes -#PrintLastLog yes -#KeepAlive yes +#CheckMail yes #UseLogin no -#MaxStartups 10 -# no default banner path -#Banner /some/path -#VerifyReverseMapping no +#MaxStartups 10:30:60 +#Banner /etc/issue.net +#ReverseMappingCheck yes -# override default of no subsystems Subsystem sftp /usr/libexec/sftp-server