Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ssh/Attic/sshd_config,v retrieving revision 1.6 retrieving revision 1.18.2.1.4.1 diff -u -p -r1.6 -r1.18.2.1.4.1 --- src/crypto/dist/ssh/Attic/sshd_config 2001/05/15 16:00:32 1.6 +++ src/crypto/dist/ssh/Attic/sshd_config 2006/10/15 15:44:33 1.18.2.1.4.1 @@ -1,68 +1,90 @@ -# $NetBSD: sshd_config,v 1.6 2001/05/15 16:00:32 itojun Exp $ -# $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $ +# $NetBSD: sshd_config,v 1.18.2.1.4.1 2006/10/15 15:44:33 bouyer Exp $ +# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $ -# This is the sshd server system-wide configuration file. See sshd(8) -# for more information. +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. -Port 22 -#Protocol 2,1 +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +Protocol 2 #ListenAddress 0.0.0.0 #ListenAddress :: -HostKey /etc/ssh_host_key -HostKey /etc/ssh_host_rsa_key -HostKey /etc/ssh_host_dsa_key -ServerKeyBits 768 -LoginGraceTime 600 -KeyRegenerationInterval 3600 -PermitRootLogin yes -# -# Don't read ~/.rhosts and ~/.shosts files -IgnoreRhosts yes -IgnoreRootRhosts yes -# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication -#IgnoreUserKnownHosts yes -StrictModes yes -X11Forwarding no -X11DisplayOffset 10 -PrintMotd yes -#PrintLastLog no -KeepAlive yes + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 3600 +#ServerKeyBits 768 # Logging -SyslogFacility AUTH -LogLevel INFO #obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: -RhostsAuthentication no -# -# For this to work you will also need host keys in /etc/ssh_known_hosts -RhostsRSAAuthentication no +# Slow machines or long keys may require more processing time. +LoginGraceTime 600 +#PermitRootLogin no +#StrictModes yes + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# rhosts authentication should not be used +#RhostsAuthentication no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes +#IgnoreRootRhosts yes +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no # similar for protocol version 2 -HostbasedAuthentication no -# -RSAAuthentication yes +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! -PasswordAuthentication yes -PermitEmptyPasswords no +#PasswordAuthentication yes +#PermitEmptyPasswords no -# Uncomment to disable s/key passwords -#ChallengeResponseAuthentication no +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes -# To change Kerberos options +# Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + #AFSTokenPassing no -#KerberosTicketCleanup no -# Kerberos TGT Passing does only work with the AFS kaserver -#KerberosTgtPassing yes +# Kerberos TGT Passing only works with the AFS kaserver +#KerberosTgtPassing no -#CheckMail yes +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#KeepAlive yes #UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression yes + +#MaxStartups 10 +# no default banner path +#Banner /some/path +#VerifyReverseMapping no -#MaxStartups 10:30:60 -#Banner /etc/issue.net -#ReverseMappingCheck yes - +# override default of no subsystems Subsystem sftp /usr/libexec/sftp-server