- up to 4.5p1

[packages/openssh.git] / opensshd.conf

diff --git a/opensshd.conf b/opensshd.conf
index 261074333eab80d8d41537d0ccd03edded6cebc5..b39904f11a52cf59b07cf983513656d9de72ed41 100644 (file)
--- a/opensshd.conf
+++ b/opensshd.conf
@@ -7,7 +7,8 @@
 # default value.
 
 Port 22
-Protocol 1,2
+Protocol 2
+#Protocol 2,1
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
@@ -36,8 +37,6 @@ RSAAuthentication yes
 #PubkeyAuthentication yes
 #AuthorizedKeysFile    .ssh/authorized_keys
 
-# rhosts authentication should not be used
-RhostsAuthentication no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 IgnoreRhosts yes
 # For this to work you will also need host keys in /etc/ssh_known_hosts
@@ -65,9 +64,14 @@ PermitEmptyPasswords no
 # Kerberos TGT Passing only works with the AFS kaserver
 #KerberosTgtPassing no
 
-# Set this to 'yes' to enable PAM keyboard-interactive authentication 
-# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
-#PAMAuthenticationViaKbdInt yes
+# Set this to 'yes' to enable PAM authentication (via challenge-response)
+# and session processing. Depending on your PAM configuration, this may
+# bypass the setting of 'PasswordAuthentication'
+UsePAM yes
+
+# Set this to 'yes' to enable support for chrooted user environment.
+# You must create such environment before you can use this feature.
+#UseChroot yes
 
 X11Forwarding no
 X11DisplayOffset 10
@@ -76,7 +80,10 @@ PrintMotd yes
 #PrintLastLog yes
 KeepAlive yes
 UseLogin no
-#UsePrivilegeSeparation yes
+
+# enabling this can cause some problems with for example pam_limit
+UsePrivilegeSeparation no
+
 #Compression yes
 
 #MaxStartups 10
@@ -85,4 +92,8 @@ UseLogin no
 #VerifyReverseMapping no
 
 # override default of no subsystems
-#Subsystem     sftp    /usr/lib/openssh/sftp-server
+Subsystem      sftp    /usr/lib/openssh/sftp-server
+
+# Security advisory:
+# http://securitytracker.com/alerts/2004/Sep/1011143.html
+AllowTcpForwarding no