From 20ba2feb04a1f39131f36e4400b77bbbab688fb7 Mon Sep 17 00:00:00 2001 From: jbasney Date: Fri, 16 Feb 2007 19:37:58 +0000 Subject: [PATCH] updates for OpenSSH 4.5p1 --- setup/sshd_config.in | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/setup/sshd_config.in b/setup/sshd_config.in index 833cbbc..6bc88ae 100644 --- a/setup/sshd_config.in +++ b/setup/sshd_config.in @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ +# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -73,16 +73,19 @@ Protocol 2 # GSSAPI options #GSSAPIAuthentication yes #GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication mechanism. -# Depending on your PAM configuration, this may bypass the setting of -# PasswordAuthentication, PermitEmptyPasswords, and -# "PermitRootLogin without-password". If you just want the PAM account and -# session checks to run without PAM authentication, then enable this but set -# ChallengeResponseAuthentication=no -UsePAM yes +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM yes #AllowTcpForwarding yes #GatewayPorts no @@ -103,16 +106,16 @@ X11Forwarding yes #MaxStartups 10 #PermitTunnel no -# override default of no subsystems -Subsystem sftp /usr/libexec/sftp-server - # no default banner path #Banner /some/path +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + # the following are HPN related configuration options # tcp receive buffer polling. enable in autotuning kernels #TcpRcvBufPoll no - + # allow the use of the none cipher #NoneEnabled no @@ -122,3 +125,9 @@ Subsystem sftp /usr/libexec/sftp-server # buffer size for hpn to non-hn connections #HPNBufferSize 2048 + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server -- 2.45.1