- outdated

[packages/openssh.git] / opensshd.conf

diff --git a/opensshd.conf b/opensshd.conf
index 7021d8abe1e01ed9acf5929003f89b1da18e9f5b..b39904f11a52cf59b07cf983513656d9de72ed41 100644 (file)
--- a/opensshd.conf
+++ b/opensshd.conf
@@ -7,7 +7,8 @@
 # default value.
 
 Port 22
-Protocol 1,2
+Protocol 2
+#Protocol 2,1
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
@@ -36,8 +37,6 @@ RSAAuthentication yes
 #PubkeyAuthentication yes
 #AuthorizedKeysFile    .ssh/authorized_keys
 
-# rhosts authentication should not be used
-RhostsAuthentication no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 IgnoreRhosts yes
 # For this to work you will also need host keys in /etc/ssh_known_hosts
@@ -70,6 +69,10 @@ PermitEmptyPasswords no
 # bypass the setting of 'PasswordAuthentication'
 UsePAM yes
 
+# Set this to 'yes' to enable support for chrooted user environment.
+# You must create such environment before you can use this feature.
+#UseChroot yes
+
 X11Forwarding no
 X11DisplayOffset 10
 X11UseLocalhost yes
@@ -89,4 +92,8 @@ UsePrivilegeSeparation no
 #VerifyReverseMapping no
 
 # override default of no subsystems
-#Subsystem     sftp    /usr/lib/openssh/sftp-server
+Subsystem      sftp    /usr/lib/openssh/sftp-server
+
+# Security advisory:
+# http://securitytracker.com/alerts/2004/Sep/1011143.html
+AllowTcpForwarding no