=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd_config,v retrieving revision 1.21 retrieving revision 1.21.2.6 diff -u -r1.21 -r1.21.2.6 --- src/usr.bin/ssh/sshd_config 2000/10/11 20:14:39 1.21 +++ src/usr.bin/ssh/sshd_config 2002/03/08 17:04:43 1.21.2.6 @@ -1,56 +1,86 @@ -# This is ssh server systemwide configuration file. +# $OpenBSD: sshd_config,v 1.21.2.6 2002/03/08 17:04:43 brad Exp $ -Port 22 +# This is the sshd server system-wide configuration file. See sshd(8) +# for more information. + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 #Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress :: -HostKey /etc/ssh_host_key -ServerKeyBits 768 -LoginGraceTime 600 -KeyRegenerationInterval 3600 -PermitRootLogin yes -# -# Don't read ~/.rhosts and ~/.shosts files -IgnoreRhosts yes -# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication -#IgnoreUserKnownHosts yes -StrictModes yes -X11Forwarding no -X11DisplayOffset 10 -PrintMotd yes -KeepAlive yes +# HostKey for protocol version 1 +#HostKey /etc/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh_host_rsa_key +#HostKey /etc/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 3600 +#ServerKeyBits 768 + # Logging -SyslogFacility AUTH -LogLevel INFO #obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO -RhostsAuthentication no -# +# Authentication: + +#LoginGraceTime 600 +#PermitRootLogin yes +#StrictModes yes + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# rhosts authentication should not be used +#RhostsAuthentication no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts -RhostsRSAAuthentication no -# -RSAAuthentication yes +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! -PasswordAuthentication yes -PermitEmptyPasswords no -# Uncomment to disable s/key passwords -#SkeyAuthentication no -#KbdInteractiveAuthentication yes +#PasswordAuthentication yes +#PermitEmptyPasswords no -# To change Kerberos options -#KerberosAuthentication no +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes + +# Kerberos options +# KerberosAuthentication automatically enabled if keyfile exists +#KerberosAuthentication yes #KerberosOrLocalPasswd yes -#AFSTokenPassing no -#KerberosTicketCleanup no +#KerberosTicketCleanup yes -# Kerberos TGT Passing does only work with the AFS kaserver -#KerberosTgtPassing yes +# AFSTokenPassing automatically enabled if k_hasafs() is true +#AFSTokenPassing yes -#CheckMail yes +# Kerberos TGT Passing only works with the AFS kaserver +#KerberosTgtPassing no + +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#KeepAlive yes #UseLogin no -# Uncomment if you want to enable sftp -#Subsystem sftp /usr/libexec/sftp-server -#MaxStartups 10:30:60 +#MaxStartups 10 +# no default banner path +#Banner /some/path +#VerifyReverseMapping no + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server