Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ssh/Attic/sshd_config,v retrieving revision 1.7 retrieving revision 1.28 diff -u -p -r1.7 -r1.28 --- src/crypto/dist/ssh/Attic/sshd_config 2001/06/23 19:37:42 1.7 +++ src/crypto/dist/ssh/Attic/sshd_config 2007/12/21 01:03:58 1.28 @@ -1,77 +1,109 @@ -# $NetBSD: sshd_config,v 1.7 2001/06/23 19:37:42 itojun Exp $ -# $OpenBSD: sshd_config,v 1.41 2001/06/22 21:55:50 markus Exp $ +# $NetBSD: sshd_config,v 1.28 2007/12/21 01:03:58 tnn Exp $ +# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $ -# This is the sshd server system-wide configuration file. See sshd(8) -# for more information. +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. -Port 22 -#Protocol 2,1 +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +Protocol 2 +#AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: +# Disable legacy (protocol version 1) support in the server for new +# installations. In future the default will change to require explicit +# activation of protocol 1 +Protocol 2 + # HostKey for protocol version 1 -HostKey /etc/ssh_host_key +#HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 -HostKey /etc/ssh_host_rsa_key -HostKey /etc/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key -KeyRegenerationInterval 3600 -ServerKeyBits 768 +#KeyRegenerationInterval 1h +#ServerKeyBits 768 # Logging -SyslogFacility AUTH -LogLevel INFO -#obsoletes QuietMode and FascistLogging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO # Authentication: +# Slow machines or long keys may require more processing time. LoginGraceTime 600 -PermitRootLogin yes -StrictModes yes - -RSAAuthentication yes -PubkeyAuthentication yes -#AuthorizedKeysFile %h/.ssh/authorized_keys +#PermitRootLogin no +#StrictModes yes +#MaxAuthTries 6 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys -# rhosts authentication should not be used -RhostsAuthentication no -# Don't read the user's ~/.rhosts and ~/.shosts files -IgnoreRhosts yes -IgnoreRootRhosts yes -# For this to work you will also need host keys in /etc/ssh_known_hosts -RhostsRSAAuthentication no +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no # similar for protocol version 2 -HostbasedAuthentication no -# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication -#IgnoreUserKnownHosts yes +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! -PasswordAuthentication yes -PermitEmptyPasswords no +#PasswordAuthentication yes +#PermitEmptyPasswords no -# Uncomment to disable s/key passwords -#ChallengeResponseAuthentication no +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes -# To change Kerberos options +# Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes -#AFSTokenPassing no -#KerberosTicketCleanup no - -# Kerberos TGT Passing does only work with the AFS kaserver -#KerberosTgtPassing yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no -X11Forwarding no -X11DisplayOffset 10 -PrintMotd yes -#PrintLastLog no -KeepAlive yes -#CheckMail yes +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +# If you use xorg from pkgsrc then uncomment the following line. +#XAuthLocation /usr/pkg/bin/xauth +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes #UseLogin no +#UsePrivilegeSeparation yes +UsePam yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10 +#PermitTunnel no -#MaxStartups 10:30:60 -#Banner /etc/issue.net -#ReverseMappingCheck yes +# no default banner path +#Banner /some/path +# override default of no subsystems Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server