1 files changed, 16 insertions, 19 deletions
diff --git a/sshd_config b/sshd_config
index dd53f1057..36429c9d0 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $
+#       $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -22,7 +22,7 @@
 #HostKey /etc/ssh/ssh_host_dsa_key
 # Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 1h
+#KeyRegenerationInterval 3600
 #ServerKeyBits 768
 # Logging
@@ -32,7 +32,7 @@
 # Authentication:
-#LoginGraceTime 2m
+#LoginGraceTime 120
 #PermitRootLogin yes
 #StrictModes yes
@@ -40,6 +40,10 @@
 #PubkeyAuthentication yes
 #AuthorizedKeysFile     .ssh/authorized_keys
+# rhosts authentication should not be used
+#RhostsAuthentication no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 #RhostsRSAAuthentication no
 # similar for protocol version 2
@@ -47,8 +51,6 @@
 # Change to yes if you don't trust ~/.ssh/known_hosts for
 # RhostsRSAAuthentication and HostbasedAuthentication
 #IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
@@ -62,17 +64,15 @@
 #KerberosOrLocalPasswd yes
 #KerberosTicketCleanup yes
-# GSSAPI options
+#AFSTokenPassing no
-#GSSAPIAuthentication no
-#GSSAPICleanupCreds yes
-# Set this to 'yes' to enable PAM authentication (via challenge-response)
+# Kerberos TGT Passing only works with the AFS kaserver
-# and session processing. Depending on your PAM configuration, this may
+#KerberosTgtPassing no
-# bypass the setting of 'PasswordAuthentication'
-#UsePAM yes
+# Set this to 'yes' to enable PAM keyboard-interactive authentication 
+# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
+#PAMAuthenticationViaKbdInt no
-#AllowTcpForwarding yes
-#GatewayPorts no
 #X11Forwarding no
 #X11DisplayOffset 10
 #X11UseLocalhost yes
@@ -83,14 +83,11 @@
 #UsePrivilegeSeparation yes
 #PermitUserEnvironment no
 #Compression yes
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS yes
-#PidFile /var/run/sshd.pid
-#MaxStartups 10
+#MaxStartups 10
 # no default banner path
 #Banner /some/path
+#VerifyReverseMapping no
 # override default of no subsystems
 Subsystem       sftp    /usr/libexec/sftp-server

diff --git a/sshd_config b/sshd_config index dd53f1057..36429c9d0 100644 --- a/sshd_config +++ b/sshd_config
@@ -1,4 +1,4 @@
1	# $OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $	1	# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
2		2
3	# This is the sshd server system-wide configuration file. See	3	# This is the sshd server system-wide configuration file. See
4	# sshd_config(5) for more information.	4	# sshd_config(5) for more information.
@@ -22,7 +22,7 @@
22	#HostKey /etc/ssh/ssh_host_dsa_key	22	#HostKey /etc/ssh/ssh_host_dsa_key
23		23
24	# Lifetime and size of ephemeral version 1 server key	24	# Lifetime and size of ephemeral version 1 server key
25	#KeyRegenerationInterval 1h	25	#KeyRegenerationInterval 3600
26	#ServerKeyBits 768	26	#ServerKeyBits 768
27		27
28	# Logging	28	# Logging
@@ -32,7 +32,7 @@
32		32
33	# Authentication:	33	# Authentication:
34		34
35	#LoginGraceTime 2m	35	#LoginGraceTime 120
36	#PermitRootLogin yes	36	#PermitRootLogin yes
37	#StrictModes yes	37	#StrictModes yes
38		38
@@ -40,6 +40,10 @@
40	#PubkeyAuthentication yes	40	#PubkeyAuthentication yes
41	#AuthorizedKeysFile .ssh/authorized_keys	41	#AuthorizedKeysFile .ssh/authorized_keys
42		42
		43	# rhosts authentication should not be used
		44	#RhostsAuthentication no
		45	# Don't read the user's ~/.rhosts and ~/.shosts files
		46	#IgnoreRhosts yes
43	# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts	47	# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
44	#RhostsRSAAuthentication no	48	#RhostsRSAAuthentication no
45	# similar for protocol version 2	49	# similar for protocol version 2
@@ -47,8 +51,6 @@
47	# Change to yes if you don't trust ~/.ssh/known_hosts for	51	# Change to yes if you don't trust ~/.ssh/known_hosts for
48	# RhostsRSAAuthentication and HostbasedAuthentication	52	# RhostsRSAAuthentication and HostbasedAuthentication
49	#IgnoreUserKnownHosts no	53	#IgnoreUserKnownHosts no
50	# Don't read the user's ~/.rhosts and ~/.shosts files
51	#IgnoreRhosts yes
52		54
53	# To disable tunneled clear text passwords, change to no here!	55	# To disable tunneled clear text passwords, change to no here!
54	#PasswordAuthentication yes	56	#PasswordAuthentication yes
@@ -62,17 +64,15 @@
62	#KerberosOrLocalPasswd yes	64	#KerberosOrLocalPasswd yes
63	#KerberosTicketCleanup yes	65	#KerberosTicketCleanup yes
64		66
65	# GSSAPI options	67	#AFSTokenPassing no
66	#GSSAPIAuthentication no
67	#GSSAPICleanupCreds yes
68		68
69	# Set this to 'yes' to enable PAM authentication (via challenge-response)	69	# Kerberos TGT Passing only works with the AFS kaserver
70	# and session processing. Depending on your PAM configuration, this may	70	#KerberosTgtPassing no
71	# bypass the setting of 'PasswordAuthentication'	71
72	#UsePAM yes	72	# Set this to 'yes' to enable PAM keyboard-interactive authentication
		73	# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
		74	#PAMAuthenticationViaKbdInt no
73		75
74	#AllowTcpForwarding yes
75	#GatewayPorts no
76	#X11Forwarding no	76	#X11Forwarding no
77	#X11DisplayOffset 10	77	#X11DisplayOffset 10
78	#X11UseLocalhost yes	78	#X11UseLocalhost yes
@@ -83,14 +83,11 @@
83	#UsePrivilegeSeparation yes	83	#UsePrivilegeSeparation yes
84	#PermitUserEnvironment no	84	#PermitUserEnvironment no
85	#Compression yes	85	#Compression yes
86	#ClientAliveInterval 0
87	#ClientAliveCountMax 3
88	#UseDNS yes
89	#PidFile /var/run/sshd.pid
90	#MaxStartups 10
91		86
		87	#MaxStartups 10
92	# no default banner path	88	# no default banner path
93	#Banner /some/path	89	#Banner /some/path
		90	#VerifyReverseMapping no
94		91
95	# override default of no subsystems	92	# override default of no subsystems
96	Subsystem sftp /usr/libexec/sftp-server	93	Subsystem sftp /usr/libexec/sftp-server