updates for OpenSSH 4.5p1

diff --git a/setup/sshd_config.in b/setup/sshd_config.in
index 833cbbcb74da64df3fd1cb89031a1f97a72f338e..6bc88ae60459702cf3c98fb55998287bc4d57af7 100644 (file)
--- a/setup/sshd_config.in
+++ b/setup/sshd_config.in
@@ -1,4 +1,4 @@
-#      $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
+#      $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -73,16 +73,19 @@ Protocol 2
 # GSSAPI options
 #GSSAPIAuthentication yes
 #GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange yes
 
 # Set this to 'yes' to enable PAM authentication, account processing, 
 # and session processing. If this is enabled, PAM authentication will 
-# be allowed through the ChallengeResponseAuthentication mechanism. 
-# Depending on your PAM configuration, this may bypass the setting of 
-# PasswordAuthentication, PermitEmptyPasswords, and 
-# "PermitRootLogin without-password". If you just want the PAM account and 
-# session checks to run without PAM authentication, then enable this but set 
-# ChallengeResponseAuthentication=no
-UsePAM yes
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM yes
 
 #AllowTcpForwarding yes
 #GatewayPorts no
@@ -103,16 +106,16 @@ X11Forwarding yes
 #MaxStartups 10
 #PermitTunnel no
 
-# override default of no subsystems
-Subsystem      sftp    /usr/libexec/sftp-server
-
 # no default banner path
 #Banner /some/path
 
+# override default of no subsystems
+Subsystem      sftp    /usr/libexec/sftp-server
+
 # the following are HPN related configuration options
 # tcp receive buffer polling. enable in autotuning kernels
 #TcpRcvBufPoll no
-
+ 
 # allow the use of the none cipher
 #NoneEnabled no
 
@@ -122,3 +125,9 @@ Subsystem   sftp    /usr/libexec/sftp-server
 # buffer size for hpn to non-hn connections
 #HPNBufferSize 2048
 
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#      X11Forwarding no
+#      AllowTcpForwarding no
+#      ForceCommand cvs server