-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | sshd_config | 99 |
2 files changed, 62 insertions, 46 deletions
@@ -185,6 +185,13 @@ | |||
185 | - markus@cvs.openbsd.org 2002/01/16 13:17:51 | 185 | - markus@cvs.openbsd.org 2002/01/16 13:17:51 |
186 | [channels.c channels.h serverloop.c ssh.c] | 186 | [channels.c channels.h serverloop.c ssh.c] |
187 | wrapper for channel_setup_fwd_listener | 187 | wrapper for channel_setup_fwd_listener |
188 | - stevesk@cvs.openbsd.org 2002/01/16 17:40:23 | ||
189 | [sshd_config] | ||
190 | The stategy now used for options in the default sshd_config shipped | ||
191 | with OpenSSH is to specify options with their default value where | ||
192 | possible, but leave them commented. Uncommented options change a | ||
193 | default value. Subsystem is currently the only default option | ||
194 | changed. ok markus@ | ||
188 | 195 | ||
189 | 20020121 | 196 | 20020121 |
190 | - (djm) Rework ssh-rand-helper: | 197 | - (djm) Rework ssh-rand-helper: |
@@ -7332,4 +7339,4 @@ | |||
7332 | - Wrote replacements for strlcpy and mkdtemp | 7339 | - Wrote replacements for strlcpy and mkdtemp |
7333 | - Released 1.0pre1 | 7340 | - Released 1.0pre1 |
7334 | 7341 | ||
7335 | $Id: ChangeLog,v 1.1775 2002/01/22 12:29:22 djm Exp $ | 7342 | $Id: ChangeLog,v 1.1776 2002/01/22 12:32:07 djm Exp $ |
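--- a/sshd_config
+++ b/sshd_config
@@ -1,80 +1,89 @@
-# $OpenBSD: sshd_config,v 1.43 2001/12/19 07:18:56 deraadt Exp $
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+# $OpenBSD: sshd_config,v 1.44 2002/01/16 17:40:23 stevesk Exp $
 
 # This is the sshd server system-wide configuration file. See sshd(8)
 # for more information.
 
-Port 22
+# The stategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+#Port 22
 #Protocol 2,1
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
 # HostKey for protocol version 1
-HostKey /etc/ssh_host_key
+#HostKey /etc/ssh_host_key
 # HostKeys for protocol version 2
-HostKey /etc/ssh_host_rsa_key
-HostKey /etc/ssh_host_dsa_key
+#HostKey /etc/ssh_host_rsa_key
+#HostKey /etc/ssh_host_dsa_key
 
 # Lifetime and size of ephemeral version 1 server key
-KeyRegenerationInterval 3600
-ServerKeyBits 768
+#KeyRegenerationInterval 3600
+#ServerKeyBits 768
 
 # Logging
-SyslogFacility AUTH
-LogLevel INFO
 #obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
 
 # Authentication:
 
-LoginGraceTime 600
-PermitRootLogin yes
-StrictModes yes
+#LoginGraceTime 600
+#PermitRootLogin yes
+#StrictModes yes
 
-RSAAuthentication yes
-PubkeyAuthentication yes
-#AuthorizedKeysFile %h/.ssh/authorized_keys
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile .ssh/authorized_keys
 
 # rhosts authentication should not be used
-RhostsAuthentication no
+#RhostsAuthentication no
 # Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
+#IgnoreRhosts yes
 # For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
+#RhostsRSAAuthentication no
 # similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
 
 # To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication yes
-PermitEmptyPasswords no
-
-# Uncomment to disable s/key passwords
-#ChallengeResponseAuthentication no
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
 
-# Uncomment to enable PAM keyboard-interactive authentication
-# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
-#PAMAuthenticationViaKbdInt yes
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
 
-# To change Kerberos options
-#KerberosAuthentication no
+# Kerberos options
+# KerberosAuthentication automatically enabled if keyfile exists
+#KerberosAuthentication yes
 #KerberosOrLocalPasswd yes
-#AFSTokenPassing no
-#KerberosTicketCleanup no
+#KerberosTicketCleanup yes
 
-# Kerberos TGT Passing does only work with the AFS kaserver
-#KerberosTgtPassing yes
+# AFSTokenPassing automatically enabled if k_hasafs() is true
+#AFSTokenPassing yes
+
+# Kerberos TGT Passing only works with the AFS kaserver
+#KerberosTgtPassing no
+
+# Set this to 'yes' to enable PAM keyboard-interactive authentication
+# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
+#PAMAuthenticationViaKbdInt yes
 
-X11Forwarding no
-X11DisplayOffset 10
-PrintMotd yes
-#PrintLastLog no
-KeepAlive yes
+#X11Forwarding no
+#X11DisplayOffset 10
+#PrintMotd yes
+#PrintLastLog yes
+#KeepAlive yes
 #UseLogin no
 
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-#ReverseMappingCheck yes
+#MaxStartups 10
+# no default banner path
+#Banner /some/path
+#ReverseMappingCheck no
 
+# override default of no subsystems
 Subsystem sftp /usr/libexec/sftp-server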
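Review bot: The commented `#PAMAuthenticationViaKbdInt yes` line breaks the convention the new header comment sets out: every other commented option is meant to show its default, yet the comment directly above this one ("Set this to 'yes' to enable ...") implies the default is no. An administrator who uncomments lines on the assumption that they only restate defaults would turn on a feature that, per the file's own warning, may bypass `PasswordAuthentication`; if the compiled-in default is indeed no, the line should read `#PAMAuthenticationViaKbdInt no`. Similarly, "change to no here!" above `#PasswordAuthentication yes` is no longer sufficient, because editing the value without removing the `#` leaves password logins enabled; `# To disable tunneled clear text passwords, uncomment and change to no` would say so. The header comment also spells "strategy" as "stategy".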