X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/5b10578589708ebab5b4df0ed2227c2437b968d8..bf996f866ac1a8d4f459c2b4d4e6d029d6c98d87:/setup/sshd_config.in diff --git a/setup/sshd_config.in b/setup/sshd_config.in index 5c76e84..661ed5f 100644 --- a/setup/sshd_config.in +++ b/setup/sshd_config.in @@ -1,7 +1,7 @@ -# $OpenBSD: sshd_config,v 1.53 2002/05/15 21:02:53 markus Exp $ +# $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $ -# This is the sshd server system-wide configuration file. See sshd(8) -# for more information. +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin @@ -22,7 +22,7 @@ #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 3600 +#KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging @@ -32,7 +32,7 @@ # Authentication: -#LoginGraceTime 600 +#LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes @@ -40,10 +40,6 @@ #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys -# rhosts authentication should not be used -#RhostsAuthentication no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 @@ -51,6 +47,8 @@ # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes @@ -63,33 +61,42 @@ #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes +#KerberosGetAFSToken no -#AFSTokenPassing no +# Session hooks: if allowed, specify the commands to execute +#AllowSessionHooks yes +#SessionHookStartupCmd /bin/true +#SessionHookShutdownCmd /bin/true -# Kerberos TGT Passing only works with the AFS kaserver -#KerberosTgtPassing no +# GSSAPI options +#GSSAPIAuthentication yes +#GSSAPICleanupCredentials yes -# Set this to 'yes' to enable PAM keyboard-interactive authentication -# Warning: enabling this may bypass the setting of 'PasswordAuthentication' -#PAMAuthenticationViaKbdInt yes +# Set this to 'yes' to enable PAM authentication (via challenge-response) +# and session processing. Depending on your PAM configuration, this may +# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords' +#UsePAM no -#X11Forwarding no +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes -#KeepAlive yes +#TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation no - +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression yes +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS yes +#PidFile /var/run/sshd.pid #MaxStartups 10 + # no default banner path #Banner /some/path -#VerifyReverseMapping no # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server - -# where to store the pid of sshd process -# should be $localstatedir/sshd.pid => $globus_location/var/sshd.pid -PidFile /var/run/sshd.pid