o Source globus-user-env.sh prior to executing our main perl setup

[gssapi-openssh.git] / setup / sshd_config.in

diff --git a/setup/sshd_config.in b/setup/sshd_config.in
index 5c76e84a46626032946b38b0641407f8751dec98..661ed5f2324c2cf99707cd2cdbbc8204be6f3d1d 100644 (file)
--- a/setup/sshd_config.in
+++ b/setup/sshd_config.in
@@ -1,7 +1,7 @@
-#      $OpenBSD: sshd_config,v 1.53 2002/05/15 21:02:53 markus Exp $
+#      $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
 
-# This is the sshd server system-wide configuration file.  See sshd(8)
-# for more information.
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
 
 # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
 
@@ -22,7 +22,7 @@
 #HostKey /etc/ssh/ssh_host_dsa_key
 
 # Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 3600
+#KeyRegenerationInterval 1h
 #ServerKeyBits 768
 
 # Logging
@@ -32,7 +32,7 @@
 
 # Authentication:
 
-#LoginGraceTime 600
+#LoginGraceTime 2m
 #PermitRootLogin yes
 #StrictModes yes
 
@@ -40,10 +40,6 @@
 #PubkeyAuthentication yes
 #AuthorizedKeysFile    .ssh/authorized_keys
 
-# rhosts authentication should not be used
-#RhostsAuthentication no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 #RhostsRSAAuthentication no
 # similar for protocol version 2
@@ -51,6 +47,8 @@
 # Change to yes if you don't trust ~/.ssh/known_hosts for
 # RhostsRSAAuthentication and HostbasedAuthentication
 #IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
 
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
@@ -63,33 +61,42 @@
 #KerberosAuthentication no
 #KerberosOrLocalPasswd yes
 #KerberosTicketCleanup yes
+#KerberosGetAFSToken no
 
-#AFSTokenPassing no
+# Session hooks: if allowed, specify the commands to execute
+#AllowSessionHooks yes
+#SessionHookStartupCmd /bin/true
+#SessionHookShutdownCmd /bin/true
 
-# Kerberos TGT Passing only works with the AFS kaserver
-#KerberosTgtPassing no
+# GSSAPI options
+#GSSAPIAuthentication yes
+#GSSAPICleanupCredentials yes
 
-# Set this to 'yes' to enable PAM keyboard-interactive authentication 
-# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
-#PAMAuthenticationViaKbdInt yes
+# Set this to 'yes' to enable PAM authentication (via challenge-response)
+# and session processing. Depending on your PAM configuration, this may
+# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
+#UsePAM no
 
-#X11Forwarding no
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PrintMotd yes
 #PrintLastLog yes
-#KeepAlive yes
+#TCPKeepAlive yes
 #UseLogin no
-#UsePrivilegeSeparation no
-
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression yes
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
 #MaxStartups 10
+
 # no default banner path
 #Banner /some/path
-#VerifyReverseMapping no
 
 # override default of no subsystems
 Subsystem      sftp    /usr/libexec/sftp-server
-
-# where to store the pid of sshd process
-# should be $localstatedir/sshd.pid => $globus_location/var/sshd.pid
-PidFile                /var/run/sshd.pid