-# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
+# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# GSSAPI options
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication mechanism.
-# Depending on your PAM configuration, this may bypass the setting of
-# PasswordAuthentication, PermitEmptyPasswords, and
-# "PermitRootLogin without-password". If you just want the PAM account and
-# session checks to run without PAM authentication, then enable this but set
-# ChallengeResponseAuthentication=no
-UsePAM yes
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM yes
#AllowTcpForwarding yes
#GatewayPorts no
#MaxStartups 10
#PermitTunnel no
-# override default of no subsystems
-Subsystem sftp /usr/libexec/sftp-server
-
# no default banner path
#Banner /some/path
+# override default of no subsystems
+Subsystem sftp /usr/libexec/sftp-server
+
# the following are HPN related configuration options
# tcp receive buffer polling. enable in autotuning kernels
#TcpRcvBufPoll no
-
+
# allow the use of the none cipher
#NoneEnabled no
# buffer size for hpn to non-hn connections
#HPNBufferSize 2048
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server