head	1.63;
access;
symbols
	RELENG_8_4:1.61.0.2
	RELENG_9_1_0_RELEASE:1.56.2.1.4.2
	RELENG_9_1:1.56.2.1.0.4
	RELENG_9_1_BP:1.56.2.1
	RELENG_8_3_0_RELEASE:1.49.2.3.2.1
	RELENG_8_3:1.49.2.3.0.2
	RELENG_8_3_BP:1.49.2.3
	RELENG_9_0_0_RELEASE:1.56.2.1.2.1
	RELENG_9_0:1.56.2.1.0.2
	RELENG_9_0_BP:1.56.2.1
	RELENG_9:1.56.0.2
	RELENG_9_BP:1.56
	RELENG_7_4_0_RELEASE:1.47.2.2.8.1
	RELENG_8_2_0_RELEASE:1.49.2.2.4.1
	RELENG_7_4:1.47.2.2.0.8
	RELENG_7_4_BP:1.47.2.2
	RELENG_8_2:1.49.2.2.0.4
	RELENG_8_2_BP:1.49.2.2
	RELENG_8_1_0_RELEASE:1.49.2.2.2.1
	RELENG_8_1:1.49.2.2.0.2
	RELENG_8_1_BP:1.49.2.2
	RELENG_7_3_0_RELEASE:1.47.2.2.6.1
	RELENG_7_3:1.47.2.2.0.6
	RELENG_7_3_BP:1.47.2.2
	RELENG_8_0_0_RELEASE:1.49.2.1.2.1
	RELENG_8_0:1.49.2.1.0.2
	RELENG_8_0_BP:1.49.2.1
	RELENG_8:1.49.0.2
	RELENG_8_BP:1.49
	RELENG_7_2_0_RELEASE:1.47.2.2.4.1
	RELENG_7_2:1.47.2.2.0.4
	RELENG_7_2_BP:1.47.2.2
	RELENG_7_1_0_RELEASE:1.47.2.2.2.1
	RELENG_6_4_0_RELEASE:1.42.2.4.6.1
	RELENG_7_1:1.47.2.2.0.2
	RELENG_7_1_BP:1.47.2.2
	RELENG_6_4:1.42.2.4.0.6
	RELENG_6_4_BP:1.42.2.4
	RELENG_7_0_0_RELEASE:1.47
	RELENG_6_3_0_RELEASE:1.42.2.4
	RELENG_7_0:1.47.0.4
	RELENG_7_0_BP:1.47
	RELENG_6_3:1.42.2.4.0.4
	RELENG_6_3_BP:1.42.2.4
	RELENG_7:1.47.0.2
	RELENG_7_BP:1.47
	RELENG_6_2_0_RELEASE:1.42.2.4
	RELENG_6_2:1.42.2.4.0.2
	RELENG_6_2_BP:1.42.2.4
	OpenSSH_4_5p1:1.1.1.16
	OpenSSH_4_4p1:1.1.1.16
	RELENG_5_5_0_RELEASE:1.40.2.1
	RELENG_5_5:1.40.2.1.0.2
	RELENG_5_5_BP:1.40.2.1
	RELENG_6_1_0_RELEASE:1.42.2.1
	RELENG_6_1:1.42.2.1.0.4
	RELENG_6_1_BP:1.42.2.1
	OpenSSH_4_3p1:1.1.1.15
	RELENG_6_0_0_RELEASE:1.42.2.1
	RELENG_6_0:1.42.2.1.0.2
	RELENG_6_0_BP:1.42.2.1
	OpenSSH_4_2p1:1.1.1.14
	RELENG_6:1.42.0.2
	RELENG_6_BP:1.42
	OpenSSH_4_1p1:1.1.1.13
	OpenSSH_4_0p1:1.1.1.13
	RELENG_5_4_0_RELEASE:1.40
	RELENG_5_4:1.40.0.6
	RELENG_5_4_BP:1.40
	RELENG_4_11_0_RELEASE:1.4.2.13
	RELENG_4_11:1.4.2.13.0.6
	RELENG_4_11_BP:1.4.2.13
	OpenSSH_3_9p1:1.1.1.12
	RELENG_5_3_0_RELEASE:1.40
	RELENG_5_3:1.40.0.4
	RELENG_5_3_BP:1.40
	RELENG_5:1.40.0.2
	RELENG_5_BP:1.40
	RELENG_4_10_0_RELEASE:1.4.2.13
	RELENG_4_10:1.4.2.13.0.4
	RELENG_4_10_BP:1.4.2.13
	OpenSSH_3_8_1p1:1.1.1.11
	OpenSSH_3_8p1:1.1.1.11
	RELENG_5_2_1_RELEASE:1.33
	RELENG_5_2_0_RELEASE:1.33
	OpenSSH_3_7_1p2:1.1.1.10
	RELENG_5_2:1.33.0.2
	RELENG_5_2_BP:1.33
	RELENG_4_9_0_RELEASE:1.4.2.13
	RELENG_4_9:1.4.2.13.0.2
	RELENG_4_9_BP:1.4.2.13
	RELENG_5_1_0_RELEASE:1.32
	RELENG_5_1:1.32.0.2
	RELENG_5_1_BP:1.32
	OpenSSH_3_6_1p1:1.1.1.9
	RELENG_4_8_0_RELEASE:1.4.2.12
	RELENG_4_8:1.4.2.12.0.2
	RELENG_4_8_BP:1.4.2.12
	RELENG_5_0_0_RELEASE:1.30
	RELENG_5_0:1.30.0.2
	RELENG_5_0_BP:1.30
	OpenSSH_3_5p1:1.1.1.9
	OPENSSH:1.1.1
	RELENG_4_7_0_RELEASE:1.4.2.10
	RELENG_4_7:1.4.2.10.0.2
	RELENG_4_7_BP:1.4.2.10
	RELENG_4_6_2_RELEASE:1.4.2.8.2.1
	RELENG_4_6_1_RELEASE:1.4.2.8.2.1
	OpenSSH_3_4p1:1.1.1.8
	OpenSSH_3_3p1:1.1.1.8
	OpenSSH_3_3:1.1.1.7
	RELENG_4_6_0_RELEASE:1.4.2.8
	RELENG_4_6:1.4.2.8.0.2
	RELENG_4_6_BP:1.4.2.8
	OpenSSH_3_1:1.1.1.6
	RELENG_4_5_0_RELEASE:1.4.2.6
	RELENG_4_5:1.4.2.6.0.2
	RELENG_4_5_BP:1.4.2.6
	RELENG_4_4_0_RELEASE:1.4.2.5
	RELENG_4_4:1.4.2.5.0.4
	RELENG_4_4_BP:1.4.2.5
	OpenSSH_2_9:1.1.1.5
	RELENG_4_3_0_RELEASE:1.4.2.5
	RELENG_4_3:1.4.2.5.0.2
	RELENG_4_3_BP:1.4.2.5
	OpenSSH_2_3_0:1.1.1.4
	OpenBSD:1.1.1
	RELENG_4_2_0_RELEASE:1.4.2.3
	RELENG_4_1_1_RELEASE:1.4.2.2
	v_2_2_0_2000_09_09:1.1.1.3
	PRE_SMPNG:1.11
	RELENG_4_1_0_RELEASE:1.4.2.1
	v_2_1_0_2000_05_30:1.1.1.2
	v_2_1:1.1.1.2
	v_1_2_3_2000_03_25:1.1.1.1
	RELENG_4_0_0_RELEASE:1.4
	RELENG_4:1.4.0.2
	RELENG_4_BP:1.4
	v_1_2_2000_02_24:1.1.1.1
	OPENBSD:1.1.1;
locks; strict;
comment	@# @;


1.63
date	2013.06.29.00.31.34;	author svnexp;	state Exp;
branches;
next	1.62;

1.62
date	2013.05.18.00.28.34;	author svnexp;	state Exp;
branches;
next	1.61;

1.61
date	2013.03.23.02.26.25;	author svnexp;	state Exp;
branches
	1.61.2.1;
next	1.60;

1.60
date	2013.03.19.02.23.05;	author svnexp;	state Exp;
branches;
next	1.59;

1.59
date	2012.11.17.01.49.01;	author svnexp;	state Exp;
branches;
next	1.58;

1.58
date	2012.09.03.16.51.41;	author des;	state Exp;
branches;
next	1.57;

1.57
date	2011.10.05.22.08.17;	author des;	state Exp;
branches;
next	1.56;

1.56
date	2011.08.03.19.14.22;	author brooks;	state Exp;
branches
	1.56.2.1;
next	1.55;

1.55
date	2011.05.04.07.34.44;	author des;	state Exp;
branches;
next	1.54;

1.54
date	2010.11.11.11.46.19;	author des;	state Exp;
branches;
next	1.53;

1.53
date	2010.04.28.10.36.33;	author des;	state Exp;
branches;
next	1.52;

1.52
date	2010.03.09.19.16.43;	author des;	state Exp;
branches;
next	1.51;

1.51
date	2009.10.11.14.27.33;	author des;	state Exp;
branches;
next	1.50;

1.50
date	2009.10.01.17.12.52;	author des;	state Exp;
branches;
next	1.49;

1.49
date	2009.05.22.18.46.28;	author des;	state Exp;
branches
	1.49.2.1;
next	1.48;

1.48
date	2008.08.01.02.48.36;	author des;	state Exp;
branches;
next	1.47;

1.47
date	2006.11.10.16.52.41;	author des;	state Exp;
branches
	1.47.2.1;
next	1.46;

1.46
date	2006.09.30.13.39.07;	author des;	state Exp;
branches;
next	1.45;

1.45
date	2006.09.30.13.38.05;	author des;	state Exp;
branches;
next	1.44;

1.44
date	2006.03.22.20.41.37;	author des;	state Exp;
branches;
next	1.43;

1.43
date	2005.09.03.07.04.23;	author des;	state Exp;
branches;
next	1.42;

1.42
date	2005.06.05.15.46.07;	author des;	state Exp;
branches
	1.42.2.1;
next	1.41;

1.41
date	2004.10.28.16.11.28;	author des;	state Exp;
branches;
next	1.40;

1.40
date	2004.04.20.09.37.29;	author des;	state Exp;
branches
	1.40.2.1
	1.40.4.1
	1.40.6.1;
next	1.39;

1.39
date	2004.03.15.18.38.29;	author des;	state Exp;
branches;
next	1.38;

1.38
date	2004.02.26.11.54.03;	author des;	state Exp;
branches;
next	1.37;

1.37
date	2004.02.26.10.52.31;	author des;	state Exp;
branches;
next	1.36;

1.36
date	2004.02.26.10.24.07;	author des;	state Exp;
branches;
next	1.35;

1.35
date	2004.02.19.15.53.31;	author des;	state Exp;
branches;
next	1.34;

1.34
date	2004.01.07.11.16.24;	author des;	state Exp;
branches;
next	1.33;

1.33
date	2003.09.24.19.20.23;	author des;	state Exp;
branches;
next	1.32;

1.32
date	2003.04.23.17.10.53;	author des;	state Exp;
branches
	1.32.2.1;
next	1.31;

1.31
date	2003.02.11.12.11.15;	author des;	state Exp;
branches;
next	1.30;

1.30
date	2002.11.05.17.17.09;	author des;	state Exp;
branches;
next	1.29;

1.29
date	2002.10.29.10.16.02;	author des;	state Exp;
branches;
next	1.28;

1.28
date	2002.07.26.15.16.56;	author fanf;	state Exp;
branches;
next	1.27;

1.27
date	2002.07.03.00.08.19;	author des;	state Exp;
branches;
next	1.26;

1.26
date	2002.06.30.10.32.09;	author des;	state Exp;
branches;
next	1.25;

1.25
date	2002.06.29.10.55.18;	author des;	state Exp;
branches;
next	1.24;

1.24
date	2002.06.27.22.42.08;	author des;	state Exp;
branches;
next	1.23;

1.23
date	2002.06.23.16.09.08;	author des;	state Exp;
branches;
next	1.22;

1.22
date	2002.05.01.22.39.53;	author obrien;	state Exp;
branches;
next	1.21;

1.21
date	2002.04.25.16.50.35;	author des;	state Exp;
branches;
next	1.20;

1.20
date	2002.04.25.05.59.53;	author jkh;	state Exp;
branches;
next	1.19;

1.19
date	2002.04.02.21.53.54;	author des;	state Exp;
branches;
next	1.18;

1.18
date	2002.03.18.10.09.43;	author des;	state Exp;
branches;
next	1.17;

1.17
date	2001.05.18.18.10.02;	author obrien;	state Exp;
branches;
next	1.16;

1.16
date	2001.05.05.13.48.13;	author green;	state Exp;
branches;
next	1.15;

1.15
date	2001.05.04.04.14.23;	author green;	state Exp;
branches;
next	1.14;

1.14
date	2001.01.13.07.57.43;	author green;	state Exp;
branches;
next	1.13;

1.13
date	2000.12.05.02.55.12;	author green;	state Exp;
branches;
next	1.12;

1.12
date	2000.09.10.09.35.38;	author kris;	state Exp;
branches;
next	1.11;

1.11
date	2000.09.02.03.49.22;	author kris;	state Exp;
branches;
next	1.10;

1.10
date	2000.08.23.09.47.25;	author kris;	state Exp;
branches;
next	1.9;

1.9
date	2000.07.16.05.52.25;	author peter;	state Exp;
branches;
next	1.8;

1.8
date	2000.05.23.06.06.54;	author ache;	state Exp;
branches;
next	1.7;

1.7
date	2000.05.18.06.04.23;	author kris;	state Exp;
branches;
next	1.6;

1.6
date	2000.05.15.05.40.27;	author kris;	state Exp;
branches;
next	1.5;

1.5
date	2000.05.15.05.24.25;	author kris;	state Exp;
branches;
next	1.4;

1.4
date	2000.02.26.02.24.38;	author peter;	state Exp;
branches
	1.4.2.1;
next	1.3;

1.3
date	2000.02.24.23.46.38;	author markm;	state Exp;
branches;
next	1.2;

1.2
date	2000.02.24.15.29.42;	author markm;	state Exp;
branches;
next	1.1;

1.1
date	2000.02.24.14.29.46;	author markm;	state Exp;
branches
	1.1.1.1;
next	;

1.61.2.1
date	2013.03.23.02.26.25;	author svnexp;	state dead;
branches;
next	1.61.2.2;

1.61.2.2
date	2013.03.28.13.02.26;	author svnexp;	state Exp;
branches;
next	1.61.2.3;

1.61.2.3
date	2013.05.16.14.26.50;	author svnexp;	state Exp;
branches;
next	;

1.56.2.1
date	2011.09.23.00.51.37;	author kensmith;	state Exp;
branches
	1.56.2.1.2.1
	1.56.2.1.4.1;
next	1.56.2.2;

1.56.2.2
date	2012.11.17.11.36.10;	author svnexp;	state Exp;
branches;
next	1.56.2.3;

1.56.2.3
date	2013.02.28.18.51.26;	author svnexp;	state Exp;
branches;
next	1.56.2.4;

1.56.2.4
date	2013.03.18.16.44.43;	author svnexp;	state Exp;
branches;
next	1.56.2.5;

1.56.2.5
date	2013.05.30.13.02.58;	author svnexp;	state Exp;
branches;
next	1.56.2.6;

1.56.2.6
date	2013.06.28.10.01.43;	author svnexp;	state Exp;
branches;
next	1.56.2.7;

1.56.2.7
date	2014.03.31.15.01.51;	author svnexp;	state Exp;
branches;
next	1.56.2.8;

1.56.2.8
date	2014.04.20.14.01.43;	author svnexp;	state Exp;
branches;
next	;

1.56.2.1.2.1
date	2011.11.11.04.20.22;	author kensmith;	state Exp;
branches;
next	1.56.2.1.2.2;

1.56.2.1.2.2
date	2012.11.17.08.36.10;	author svnexp;	state Exp;
branches;
next	;

1.56.2.1.4.1
date	2012.08.05.23.54.33;	author kensmith;	state Exp;
branches;
next	1.56.2.1.4.2;

1.56.2.1.4.2
date	2012.11.17.08.47.00;	author svnexp;	state Exp;
branches;
next	;

1.49.2.1
date	2009.08.03.08.13.06;	author kensmith;	state Exp;
branches
	1.49.2.1.2.1;
next	1.49.2.2;

1.49.2.2
date	2010.04.21.06.33.10;	author des;	state Exp;
branches
	1.49.2.2.2.1
	1.49.2.2.4.1;
next	1.49.2.3;

1.49.2.3
date	2011.11.30.12.47.36;	author bz;	state Exp;
branches
	1.49.2.3.2.1;
next	1.49.2.4;

1.49.2.4
date	2012.11.17.10.35.56;	author svnexp;	state Exp;
branches;
next	1.49.2.5;

1.49.2.5
date	2013.03.01.02.23.12;	author svnexp;	state Exp;
branches;
next	1.49.2.6;

1.49.2.6
date	2013.03.28.14.09.05;	author svnexp;	state Exp;
branches;
next	1.49.2.7;

1.49.2.7
date	2013.06.28.11.21.40;	author svnexp;	state Exp;
branches;
next	;

1.49.2.1.2.1
date	2009.10.25.01.10.29;	author kensmith;	state Exp;
branches;
next	;

1.49.2.2.2.1
date	2010.06.14.02.09.06;	author kensmith;	state Exp;
branches;
next	;

1.49.2.2.4.1
date	2010.12.21.17.09.25;	author kensmith;	state Exp;
branches;
next	;

1.49.2.3.2.1
date	2012.03.03.06.15.13;	author kensmith;	state Exp;
branches;
next	1.49.2.3.2.2;

1.49.2.3.2.2
date	2012.11.17.08.24.37;	author svnexp;	state Exp;
branches;
next	;

1.47.2.1
date	2008.09.01.20.03.13;	author des;	state Exp;
branches;
next	1.47.2.2;

1.47.2.2
date	2008.09.03.12.45.31;	author des;	state Exp;
branches
	1.47.2.2.2.1
	1.47.2.2.4.1
	1.47.2.2.6.1
	1.47.2.2.8.1;
next	1.47.2.3;

1.47.2.3
date	2012.11.17.08.01.14;	author svnexp;	state Exp;
branches;
next	;

1.47.2.2.2.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.47.2.2.4.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.47.2.2.6.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.47.2.2.8.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.47.2.2.8.2;

1.47.2.2.8.2
date	2012.11.17.08.16.36;	author svnexp;	state Exp;
branches;
next	;

1.42.2.1
date	2005.09.11.16.50.35;	author des;	state Exp;
branches
	1.42.2.1.2.1
	1.42.2.1.4.1;
next	1.42.2.2;

1.42.2.2
date	2006.09.30.19.50.57;	author simon;	state Exp;
branches;
next	1.42.2.3;

1.42.2.3
date	2006.10.06.14.07.17;	author des;	state Exp;
branches;
next	1.42.2.4;

1.42.2.4
date	2006.11.11.00.51.28;	author des;	state Exp;
branches
	1.42.2.4.6.1;
next	1.42.2.5;

1.42.2.5
date	2012.11.17.07.39.00;	author svnexp;	state Exp;
branches;
next	;

1.42.2.1.2.1
date	2006.09.30.19.53.20;	author simon;	state Exp;
branches;
next	;

1.42.2.1.4.1
date	2006.09.30.19.51.55;	author simon;	state Exp;
branches;
next	;

1.42.2.4.6.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;

1.40.2.1
date	2006.03.01.14.19.48;	author simon;	state Exp;
branches
	1.40.2.1.2.1;
next	1.40.2.2;

1.40.2.2
date	2006.09.30.19.54.03;	author simon;	state Exp;
branches;
next	;

1.40.2.1.2.1
date	2006.09.30.19.54.57;	author simon;	state Exp;
branches;
next	;

1.40.4.1
date	2006.03.01.14.24.51;	author simon;	state Exp;
branches;
next	1.40.4.2;

1.40.4.2
date	2006.09.30.19.56.37;	author simon;	state Exp;
branches;
next	;

1.40.6.1
date	2006.03.01.14.21.01;	author simon;	state Exp;
branches;
next	1.40.6.2;

1.40.6.2
date	2006.09.30.19.55.52;	author simon;	state Exp;
branches;
next	;

1.32.2.1
date	2003.09.24.20.23.11;	author des;	state Exp;
branches;
next	;

1.4.2.1
date	2000.06.09.07.10.22;	author kris;	state Exp;
branches;
next	1.4.2.2;

1.4.2.2
date	2000.09.22.09.44.17;	author kris;	state Exp;
branches;
next	1.4.2.3;

1.4.2.3
date	2000.10.28.23.00.51;	author kris;	state Exp;
branches;
next	1.4.2.4;

1.4.2.4
date	2001.01.12.04.25.59;	author green;	state Exp;
branches;
next	1.4.2.5;

1.4.2.5
date	2001.01.18.22.36.53;	author green;	state Exp;
branches;
next	1.4.2.6;

1.4.2.6
date	2001.09.28.01.33.35;	author green;	state Exp;
branches;
next	1.4.2.7;

1.4.2.7
date	2002.04.25.05.58.53;	author jkh;	state Exp;
branches;
next	1.4.2.8;

1.4.2.8
date	2002.04.25.16.53.25;	author des;	state Exp;
branches
	1.4.2.8.2.1;
next	1.4.2.9;

1.4.2.9
date	2002.07.03.22.11.44;	author des;	state Exp;
branches;
next	1.4.2.10;

1.4.2.10
date	2002.07.26.15.18.32;	author fanf;	state Exp;
branches
	1.4.2.10.2.1;
next	1.4.2.11;

1.4.2.11
date	2003.02.03.17.31.08;	author des;	state Exp;
branches;
next	1.4.2.12;

1.4.2.12
date	2003.02.11.12.11.54;	author des;	state Exp;
branches
	1.4.2.12.2.1;
next	1.4.2.13;

1.4.2.13
date	2003.09.24.19.28.35;	author des;	state Exp;
branches
	1.4.2.13.6.1;
next	1.4.2.14;

1.4.2.14
date	2006.09.30.19.57.15;	author simon;	state Exp;
branches;
next	1.4.2.15;

1.4.2.15
date	2012.11.17.07.22.33;	author svnexp;	state Exp;
branches;
next	;

1.4.2.8.2.1
date	2002.07.16.12.33.10;	author des;	state Exp;
branches;
next	1.4.2.8.2.2;

1.4.2.8.2.2
date	2003.09.24.19.54.21;	author des;	state Exp;
branches;
next	;

1.4.2.10.2.1
date	2003.09.24.19.51.42;	author des;	state Exp;
branches;
next	;

1.4.2.12.2.1
date	2003.09.24.19.47.43;	author des;	state Exp;
branches;
next	;

1.4.2.13.6.1
date	2006.09.30.19.58.07;	author simon;	state Exp;
branches;
next	;

1.1.1.1
date	2000.02.24.14.29.46;	author markm;	state Exp;
branches;
next	1.1.1.2;

1.1.1.2
date	2000.05.15.04.37.23;	author kris;	state Exp;
branches;
next	1.1.1.3;

1.1.1.3
date	2000.09.10.08.25.43;	author kris;	state Exp;
branches;
next	1.1.1.4;

1.1.1.4
date	2000.12.05.02.20.18;	author green;	state Exp;
branches;
next	1.1.1.5;

1.1.1.5
date	2001.05.04.03.57.04;	author green;	state Exp;
branches;
next	1.1.1.6;

1.1.1.6
date	2002.03.18.09.55.03;	author des;	state Exp;
branches;
next	1.1.1.7;

1.1.1.7
date	2002.06.23.14.01.53;	author des;	state Exp;
branches;
next	1.1.1.8;

1.1.1.8
date	2002.06.27.22.31.17;	author des;	state Exp;
branches;
next	1.1.1.9;

1.1.1.9
date	2002.10.29.09.42.58;	author des;	state Exp;
branches;
next	1.1.1.10;

1.1.1.10
date	2004.01.07.11.10.12;	author des;	state Exp;
branches;
next	1.1.1.11;

1.1.1.11
date	2004.02.26.10.38.47;	author des;	state Exp;
branches;
next	1.1.1.12;

1.1.1.12
date	2004.10.28.16.03.51;	author des;	state Exp;
branches;
next	1.1.1.13;

1.1.1.13
date	2005.06.05.15.40.48;	author des;	state Exp;
branches;
next	1.1.1.14;

1.1.1.14
date	2005.09.03.06.59.30;	author des;	state Exp;
branches;
next	1.1.1.15;

1.1.1.15
date	2006.03.22.19.46.10;	author des;	state Exp;
branches;
next	1.1.1.16;

1.1.1.16
date	2006.09.30.13.29.48;	author des;	state Exp;
branches;
next	;


desc
@@


1.63
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/252338
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@#	$OpenBSD: sshd_config,v 1.89 2013/02/06 00:20:42 dtucker Exp $
#	$FreeBSD: head/crypto/openssh/sshd_config 252338 2013-06-28 09:41:59Z des $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum FreeBSD-20130515

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/libexec/sftp-server

# Disable HPN tuning improvements.
#HPNDisabled no

# Buffer size for HPN to non-HPN connections.
#HPNBufferSize 2048

# TCP receive socket buffer polling for HPN.  Disable on non autotuning kernels.
#TcpRcvBufPoll yes

# Allow the use of the NONE cipher.
#NoneEnabled no

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server
@


1.62
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/250739
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d2 1
a2 1
#	$FreeBSD: head/crypto/openssh/sshd_config 250739 2013-05-17 09:12:33Z des $
d108 1
a108 1
#UsePrivilegeSeparation sandbox
@


1.61
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248619
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d2 1
a2 1
#	$FreeBSD: head/crypto/openssh/sshd_config 248619 2013-03-22 17:55:38Z des $
d118 1
a118 1
#VersionAddendum FreeBSD-20130322
@


1.61.2.1
log
@file sshd_config was added on branch RELENG_8_4 on 2013-03-28 13:02:26 +0000
@
text
@d1 142
@


1.61.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 140
#	$OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $
#	$FreeBSD: releng/8.4/crypto/openssh/sshd_config 247521 2013-03-01 02:06:04Z des $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum FreeBSD-20120901

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/libexec/sftp-server

# Disable HPN tuning improvements.
#HPNDisabled no

# Buffer size for HPN to non-HPN connections.
#HPNBufferSize 2048

# TCP receive socket buffer polling for HPN.  Disable on non autotuning kernels.
#TcpRcvBufPoll yes

# Allow the use of the NONE cipher.
#NoneEnabled no

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server
@


1.61.2.3
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248829
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d2 1
a2 1
#	$FreeBSD: releng/8.4/crypto/openssh/sshd_config 248829 2013-03-28 13:45:45Z des $
d53 2
a54 1
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
@


1.60
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248465
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $
#	$FreeBSD: head/crypto/openssh/sshd_config 248465 2013-03-18 10:50:50Z des $
d57 3
d115 1
a115 1
#MaxStartups 10
d118 1
a118 1
#VersionAddendum FreeBSD-20120901
@


1.59
log
@Switching exporter and resync
@
text
@d2 1
a2 1
#	$FreeBSD: head/crypto/openssh/sshd_config 240075 2012-09-03 16:51:41Z des $
d53 1
a53 2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys
@


1.58
log
@SVN rev 240075 on 2012-09-03 16:51:41Z by des

Upgrade OpenSSH to 6.1p1.
@
text
@d2 1
a2 1
#	$FreeBSD$
@


1.57
log
@SVN rev 226046 on 2011-10-05 22:08:17Z by des

Upgrade to OpenSSH 5.9p1.

MFC after:	3 months
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $
a16 2
#VersionAddendum FreeBSD-20111001

d56 2
d106 1
a106 1
#UsePrivilegeSeparation yes
d116 1
@


1.56
log
@SVN rev 224638 on 2011-08-03 19:14:22Z by brooks

Add support for dynamically adjusted buffers to allow the full use of
the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or
trans-continental links).  Bandwidth-delay products up to 64MB are
supported.

Also add support (not compiled by default) for the None cypher.  The
None cypher can only be enabled on non-interactive sessions (those
without a pty where -T was not used) and must be enabled in both
the client and server configuration files and on the client command
line.  Additionally, the None cypher will only be activated after
authentication is complete.  To enable the None cypher you must add
-DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in
/etc/make.conf.

This code is a style(9) compliant version of these features extracted
from the patches published at:

http://www.psc.edu/networking/projects/hpn-ssh/

Merging this patch has been a collaboration between me and Bjoern.

Reviewed by:	bz
Approved by:	re (kib), des (maintainer)
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
d11 1
a11 1
# possible, but leave them commented.  Uncommented options change a
d17 1
a17 1
#VersionAddendum FreeBSD-20110503
d53 4
a56 1
#AuthorizedKeysFile	.ssh/authorized_keys
@


1.56.2.1
log
@SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.56.2.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242902
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242902 | dteske | 2012-11-11 23:29:45 +0000 (Sun, 11 Nov 2012) | 10 lines
## SVN ##
## SVN ## Fix a regression introduced by SVN r211417 that saw the breakage of a feature
## SVN ## documented in usr.sbin/sysinstall/help/shortcuts.hlp (reproduced below):
## SVN ##
## SVN ## If /usr/sbin/sysinstall is linked to another filename, say
## SVN ## `/usr/local/bin/configPackages', then the basename will be used
## SVN ## as an implicit command name.
## SVN ##
## SVN ## Reviewed by:	adrian (co-mentor)
## SVN ## Approved by:	adrian (co-mentor)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d2 1
a2 1
#	$FreeBSD: stable/9/crypto/openssh/sshd_config 224638 2011-08-03 19:14:22Z brooks $
@


1.56.2.3
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/247485
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $
#	$FreeBSD: stable/9/crypto/openssh/sshd_config 247485 2013-02-28 18:43:50Z des $
d11 1
a11 1
# possible, but leave them commented.  Uncommented options override the
d17 2
d53 1
a53 6

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none
d103 1
a103 1
#UsePrivilegeSeparation sandbox
a112 1
#VersionAddendum FreeBSD-20120901
@


1.56.2.4
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248468
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d2 1
a2 1
#	$FreeBSD: stable/9/crypto/openssh/sshd_config 248468 2013-03-18 15:27:59Z des $
d53 2
a54 1
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
@


1.56.2.5
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/251135
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.89 2013/02/06 00:20:42 dtucker Exp $
#	$FreeBSD: stable/9/crypto/openssh/sshd_config 251135 2013-05-30 12:25:58Z des $
a56 3
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

d112 1
a112 1
#MaxStartups 10:30:100
d115 1
a115 1
#VersionAddendum FreeBSD-20130515
@


1.56.2.6
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/252339
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d2 1
a2 1
#	$FreeBSD: stable/9/crypto/openssh/sshd_config 252339 2013-06-28 09:55:00Z des $
d108 1
a108 1
#UsePrivilegeSeparation yes
@


1.56.2.7
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/263970
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
#	$FreeBSD: stable/9/crypto/openssh/sshd_config 263970 2014-03-31 14:39:56Z des $
a30 1
#HostKey /etc/ssh/ssh_host_ed25519_key
a35 3
# Ciphers and keying
#RekeyLimit default none

d88 1
a88 1
# and session processing. If this is enabled, PAM authentication will
a103 1
#PermitTTY yes
d118 1
a118 1
#VersionAddendum FreeBSD-20140324
a141 1
#	PermitTTY no
@


1.56.2.8
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/264693
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d2 1
a2 1
#	$FreeBSD: stable/9/crypto/openssh/sshd_config 264693 2014-04-20 13:12:32Z des $
d123 1
a123 1
#VersionAddendum FreeBSD-20140420
@


1.56.2.1.4.1
log
@SVN rev 239080 on 2012-08-05 23:54:33Z by kensmith

Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

Approved by:	re (implicit)
@
text
@@


1.56.2.1.4.2
log
@Switch importer
@
text
@d2 1
a2 1
#	$FreeBSD: releng/9.1/crypto/openssh/sshd_config 224638 2011-08-03 19:14:22Z brooks $
@


1.56.2.1.2.1
log
@SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith

Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
cycle.

Approved by:	re (implicit)
@
text
@@


1.56.2.1.2.2
log
@Switch importer
@
text
@d2 1
a2 1
#	$FreeBSD: releng/9.0/crypto/openssh/sshd_config 224638 2011-08-03 19:14:22Z brooks $
@


1.55
log
@SVN rev 221420 on 2011-05-04 07:34:44Z by des

Upgrade to OpenSSH 5.8p2.
@
text
@d120 12
@


1.54
log
@SVN rev 215116 on 2010-11-11 11:46:19Z by des

Upgrade to OpenSSH 5.6p1.
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20101111
d32 1
@


1.53
log
@SVN rev 207319 on 2010-04-28 10:36:33Z by des

Upgrade to OpenSSH 5.5p1.
@
text
@d17 1
a17 1
#VersionAddendum FreeBSD-20100428
@


1.52
log
@SVN rev 204917 on 2010-03-09 19:16:43Z by des

Upgrade to OpenSSH 5.4p1.

MFC after:	1 month
@
text
@d17 1
a17 1
#VersionAddendum FreeBSD-20100308
@


1.51
log
@SVN rev 197957 on 2009-10-11 14:27:33Z by des

Remove dupe.
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20091001
d24 2
a25 4
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
@


1.50
log
@SVN rev 197679 on 2009-10-01 17:12:52Z by des

Upgrade to OpenSSH 5.3p1.
@
text
@a19 1
#Protocol 2
@


1.49
log
@SVN rev 192595 on 2009-05-22 18:46:28Z by des

Upgrade to OpenSSH 5.2p1.

MFC after:	3 months
@
text
@d17 1
a17 1
#VersionAddendum FreeBSD-20090522
@


1.49.2.1
log
@SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith

Copy head to stable/8 as part of 8.0 Release cycle.

Approved by:	re (Implicit)
@
text
@@


1.49.2.2
log
@SVN rev 206984 on 2010-04-21 06:33:10Z by des

MFH OpenSSH 5.4p1
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20100308
d20 1
d25 4
a28 2
# The default requires explicit activation of protocol 1
#Protocol 2
@


1.49.2.3
log
@SVN rev 228152 on 2011-11-30 12:47:36Z by bz

MFC r224638,224640,224642 (by brooks):

  Add support for dynamically adjusted buffers to allow the full use of
  the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or
  trans-continental links).  Bandwidth-delay products up to 64MB are
  supported.

  Also add support (not compiled by default) for the None cypher.  The
  None cypher can only be enabled on non-interactive sessions (those
  without a pty where -T was not used) and must be enabled in both
  the client and server configuration files and on the client command
  line.  Additionally, the None cypher will only be activated after
  authentication is complete.  To enable the None cypher you must add
  -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in
  /etc/make.conf.

  This code is a style(9) compliant version of these features extracted
  from the patches published at:

  http://www.psc.edu/networking/projects/hpn-ssh/

  Enable keyword expansion for $FreeBSD$ on files.

MFC r225852 (by des):

  Regenerate (ssh_namespace.h) after application of the HPN patch.

Discussed with:	brooks
@
text
@a118 12
# Disable HPN tuning improvements.
#HPNDisabled no

# Buffer size for HPN to non-HPN connections.
#HPNBufferSize 2048

# TCP receive socket buffer polling for HPN.  Disable on non autotuning kernels.
#TcpRcvBufPoll yes

# Allow the use of the NONE cipher.
#NoneEnabled no

@


1.49.2.4
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242909
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242909 | dim | 2012-11-12 07:47:19 +0000 (Mon, 12 Nov 2012) | 20 lines
## SVN ##
## SVN ## MFC r242625:
## SVN ##
## SVN ## Remove duplicate const specifiers in many drivers (I hope I got all of
## SVN ## them, please let me know if not).  Most of these are of the form:
## SVN ##
## SVN ## static const struct bzzt_type {
## SVN ##       [...list of members...]
## SVN ## } const bzzt_devs[] = {
## SVN ##       [...list of initializers...]
## SVN ## };
## SVN ##
## SVN ## The second const is unnecessary, as arrays cannot be modified anyway,
## SVN ## and if the elements are const, the whole thing is const automatically
## SVN ## (e.g. it is placed in .rodata).
## SVN ##
## SVN ## I have verified this does not change the binary output of a full kernel
## SVN ## build (except for build timestamps embedded in the object files).
## SVN ##
## SVN ## Reviewed by:	yongari, marius
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d2 1
a2 1
#	$FreeBSD: stable/8/crypto/openssh/sshd_config 228152 2011-11-30 12:47:36Z bz $
@


1.49.2.5
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/247521
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $
#	$FreeBSD: stable/8/crypto/openssh/sshd_config 247521 2013-03-01 02:06:04Z des $
d11 1
a11 1
# possible, but leave them commented.  Uncommented options override the
d17 2
a31 1
#HostKey /etc/ssh/ssh_host_ecdsa_key
d52 1
a52 6

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none
d102 1
a102 1
#UsePrivilegeSeparation sandbox
a111 1
#VersionAddendum FreeBSD-20120901
@


1.49.2.6
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248828
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d2 1
a2 1
#	$FreeBSD: stable/8/crypto/openssh/sshd_config 248828 2013-03-28 13:38:02Z des $
d53 2
a54 1
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
@


1.49.2.7
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/252340
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d2 1
a2 1
#	$FreeBSD: stable/8/crypto/openssh/sshd_config 252340 2013-06-28 10:21:49Z des $
d105 1
a105 1
#UsePrivilegeSeparation yes
@


1.49.2.3.2.1
log
@SVN rev 232438 on 2012-03-03 06:15:13Z by kensmith

Copy stable/8 to releng/8.3 as part of 8.3-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.49.2.3.2.2
log
@Switch importer
@
text
@d2 1
a2 1
#	$FreeBSD: releng/8.3/crypto/openssh/sshd_config 228152 2011-11-30 12:47:36Z bz $
@


1.49.2.2.4.1
log
@SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith

Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release.

Approved by:	re (implicit)
@
text
@@


1.49.2.2.2.1
log
@SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith

Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by:	re (implicit)
@
text
@@


1.49.2.1.2.1
log
@SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith

Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure.

Approved by:	re (implicit)
@
text
@@


1.48
log
@SVN rev 181111 on 2008-08-01 02:48:36Z by des

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch.  One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago.  This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after:	6 weeks
@
text
@d17 1
a17 1
#VersionAddendum FreeBSD-20080801
@


1.47
log
@Resolve conflicts.
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.46 2006/09/30 13:39:07 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20061110
d25 5
d33 1
d38 1
a38 1
#ServerKeyBits 768
d51 1
d95 1
d114 1
d117 1
a117 1
#Banner /some/path
@


1.47.2.1
log
@SVN rev 182634 on 2008-09-01 20:03:13Z by des

MFH OpenSSH 5.1p1
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
#	$FreeBSD$
d17 1
a17 1
#VersionAddendum FreeBSD-20080901
a24 5
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

a27 1
#HostKey /etc/ssh/ssh_host_rsa_key
d32 1
a32 1
#ServerKeyBits 1024
a44 1
#MaxSessions 10
a87 1
#AllowAgentForwarding yes
a105 1
#ChrootDirectory none
d108 1
a108 1
#Banner none
@


1.47.2.2
log
@SVN rev 182720 on 2008-09-03 12:45:31Z by des

Revert to previous behaviour re host keys.  I inadvertently merged a little
too much from head.

Approved by:	re (kensmith)
@
text
@d33 1
@


1.47.2.3
log
@Switch importer
@
text
@d2 1
a2 1
#	$FreeBSD: stable/7/crypto/openssh/sshd_config 182720 2008-09-03 12:45:31Z des $
@


1.47.2.2.8.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.47.2.2.8.2
log
@Switch importer
@
text
@d2 1
a2 1
#	$FreeBSD: releng/7.4/crypto/openssh/sshd_config 182720 2008-09-03 12:45:31Z des $
@


1.47.2.2.6.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.47.2.2.4.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.47.2.2.2.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.46
log
@Bump version addendum.

MFC after:	1 week
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.45 2006/09/30 13:38:05 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20060930
@


1.45
log
@Merge conflicts.

MFC after:	1 week
@
text
@d2 1
a2 1
#	$FreeBSD$
d17 1
a17 1
#VersionAddendum FreeBSD-20060322
@


1.44
log
@Merge conflicts.
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.43 2005/09/03 07:04:23 des Exp $
d77 1
a77 1
# Set this to 'no' to disable PAM authentication, account processing, 
d79 7
a85 6
# be allowed through the ChallengeResponseAuthentication mechanism. 
# Depending on your PAM configuration, this may bypass the setting of 
# PasswordAuthentication, PermitEmptyPasswords, and 
# "PermitRootLogin without-password". If you just want the PAM account and 
# session checks to run without PAM authentication, then enable this but set 
# ChallengeResponseAuthentication=no
d112 6
@


1.43
log
@Resolve conflicts.
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $
#	$FreeBSD$
d17 1
a17 1
#VersionAddendum FreeBSD-20050903
d104 1
@


1.42
log
@Resolve conflicts.
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp $
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.41 2004/10/28 16:11:28 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20050605
d35 1
a35 1
#obsoletes QuietMode and FascistLogging
d98 1
a98 1
#Compression yes
@


1.42.2.1
log
@Upgrade to 4.2p1.

Approved by:	re (kensmith)
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.42 2005/06/05 15:46:07 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20050903
d35 1
a35 1
# obsoletes QuietMode and FascistLogging
d98 1
a98 1
#Compression delayed
@


1.42.2.1.2.1
log
@Correct multiple vulnerabilities in OpenSSH.

Security:	FreeBSD-SA-06:22.openssh
Approved by:	so (simon)
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.42.2.1 2005/09/11 16:50:35 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20060930
@


1.42.2.1.4.1
log
@Correct multiple vulnerabilities in OpenSSH.

Security:	FreeBSD-SA-06:22.openssh
Approved by:	so (simon)
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.42.2.1 2005/09/11 16:50:35 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20060930
@


1.42.2.2
log
@Correct multiple vulnerabilities in OpenSSH.

Security:	FreeBSD-SA-06:22.openssh
Approved by:	re (kensmith)
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.42.2.1 2005/09/11 16:50:35 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20060930
@


1.42.2.3
log
@MFC: OpenSSH 4.4p1.

Approved by:	re (kensmith)
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.46 2006/09/30 13:39:07 des Exp $
d77 1
a77 1
# Set this to 'no' to disable PAM authentication, account processing,
d79 6
a84 7
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
a103 1
#PermitTunnel no
a109 6

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server
@


1.42.2.4
log
@InstaMFC: OpenSSH 4.5p1

Approved by:	re (kensmith)
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.42.2.3 2006/10/06 14:07:17 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20061110
@


1.42.2.5
log
@Switch importer
@
text
@d2 1
a2 1
#	$FreeBSD: stable/6/crypto/openssh/sshd_config 164158 2006-11-11 00:51:29Z des $
@


1.42.2.4.6.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@d2 1
a2 1
#	$FreeBSD$
@


1.41
log
@Resolve conflicts
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20041028
d21 1
@


1.40
log
@Adjust version number and addendum.
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.39 2004/03/15 18:38:29 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20040419
d43 1
d76 8
a83 2
# Set this to 'no' to disable PAM authentication (via challenge-response)
# and session processing.
@


1.40.4.1
log
@Correct a remote DoS in OpenSSH when using PAM and privilege
separation. [06:09]

Submitted by:	des

Correct a remote kernel panic when processing zero-length RPC records
via TCP. [06:10]

Security:	FreeBSD-SA-06:09.openssh
Security:	FreeBSD-SA-06:10.nfs
Approved by:	so (cperciva)
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20060123
@


1.40.4.2
log
@Correct multiple vulnerabilities in OpenSSH.

Security:	FreeBSD-SA-06:22.openssh
Approved by:	so (simon)
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.40.4.1 2006/03/01 14:24:51 simon Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20060930
@


1.40.6.1
log
@Correct a remote DoS in OpenSSH when using PAM and privilege
separation. [06:09]

Submitted by:	des

Correct a remote kernel panic when processing zero-length RPC records
via TCP. [06:10]

Security:	FreeBSD-SA-06:09.openssh
Security:	FreeBSD-SA-06:10.nfs
Approved by:	so (cperciva)
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20060123
@


1.40.6.2
log
@Correct multiple vulnerabilities in OpenSSH.

Security:	FreeBSD-SA-06:22.openssh
Approved by:	so (simon)
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.40.6.1 2006/03/01 14:21:01 simon Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20060930
@


1.40.2.1
log
@Correct a remote DoS in OpenSSH when using PAM and privilege
separation. [06:09]

Submitted by:	des

Correct a remote kernel panic when processing zero-length RPC records
via TCP. [06:10]

Security:	FreeBSD-SA-06:09.openssh
Security:	FreeBSD-SA-06:10.nfs
Approved by:	re (scottl)
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20060123
@


1.40.2.1.2.1
log
@Correct multiple vulnerabilities in OpenSSH.

Security:	FreeBSD-SA-06:22.openssh
Approved by:	so (simon)
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.40.2.1 2006/03/01 14:19:48 simon Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20060930
@


1.40.2.2
log
@Correct multiple vulnerabilities in OpenSSH.

Security:	FreeBSD-SA-06:22.openssh
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.40.2.1 2006/03/01 14:19:48 simon Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20060930
@


1.39
log
@Correctly document the default value of UsePAM.
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.38 2004/02/26 11:54:03 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20040226
@


1.38
log
@Update VersionAddendum in config files and man pages.
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.37 2004/02/26 10:52:31 des Exp $
d75 3
a77 4
# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
#UsePAM no
@


1.37
log
@Resolve conflicts.
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.36 2004/02/26 10:24:07 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20040106
@


1.36
log
@Pull asbesthos underpants on and disable protocol version 1 by default.
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.35 2004/02/19 15:53:31 des Exp $
d69 1
d73 1
a73 1
#GSSAPICleanupCreds yes
d77 2
a78 2
# bypass the setting of 'PasswordAuthentication'
#UsePAM yes
d87 1
a87 1
#KeepAlive yes
@


1.35
log
@Turn non-PAM password authentication off by default when USE_PAM is
defined.  Too many users are getting bitten by it.
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.34 2004/01/07 11:16:24 des Exp $
d20 1
a20 1
#Protocol 2,1
@


1.34
log
@Resolve conflicts and remove obsolete files.

Sponsored by:	registrar.no
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.33 2003/09/24 19:20:23 des Exp $
d58 2
a59 2
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
@


1.33
log
@Update version string.
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.32 2003/04/23 17:10:53 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20030924
d30 1
a30 1
#KeyRegenerationInterval 3600
d40 1
a40 1
#LoginGraceTime 120
a47 4
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
d55 2
d70 8
a77 4
#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
d79 2
d91 5
a96 1
#MaxStartups 10
a98 1
#VerifyReverseMapping no
@


1.32
log
@Resolve conflicts.
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.31 2003/02/11 12:11:15 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20030423
@


1.32.2.1
log
@Update version string.
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.32 2003/04/23 17:10:53 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20030924
@


1.31
log
@document the current default value for VersionAddendum.
@
text
@d2 1
a2 1
#	$FreeBSD$
d17 1
a17 1
#VersionAddendum FreeBSD-20030201
@


1.30
log
@Document the current default value for VersionAddendum.
@
text
@d17 1
a17 1
#VersionAddendum FreeBSD-20021029
@


1.29
log
@Resolve conflicts.
@
text
@d17 1
a17 1
#VersionAddendum FreeBSD-20020629
@


1.28
log
@FreeBSD doesn't use the host RSA key by default.

Reviewed by:	des
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
d85 1
@


1.27
log
@Two FreeBSD-specific nits in comments:
 - ChallengeResponseAuthentication controls PAM, not S/Key
 - We don't honor PAMAuthenticationViaKbdInt, because the code path it
   controls doesn't make sense for us, so don't mention it.

Sponsored by:	DARPA, NAI Labs
@
text
@a26 1
#HostKey /etc/ssh/ssh_host_rsa_key
@


1.26
log
@Forgot to update the addendum in the config files.
@
text
@d65 1
a65 1
# Change to no to disable s/key passwords
a76 4

# Set this to 'yes' to enable PAM keyboard-interactive authentication 
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
@


1.25
log
@Document FreeBSD defaults.

Sponsored by:	DARPA, NAI Labs
@
text
@d17 1
a17 1
#VersionAddendum FreeBSD-20020625
@


1.24
log
@Forcibly revert to mainline.
@
text
@d2 1
d14 5
d41 2
a42 2
#LoginGraceTime 600
#PermitRootLogin yes
d82 1
a82 1
#X11Forwarding no
@


1.23
log
@Resolve conflicts.  Known issues:

 - sshd fails to set TERM correctly.
 - privilege separation may break PAM and is currently turned off.
 - man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by:	DARPA, NAI Labs
@
text
@a1 1
#	$FreeBSD$
d6 2
a12 5
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20020402

d35 2
a36 2
#LoginGraceTime 120
#PermitRootLogin no
d72 5
a76 1
#X11Forwarding yes
d83 1
a83 2
#CheckMail yes
#UsePrivilegeSeparation no
@


1.22
log
@Usual after-import fixup of SCM IDs.
@
text
@d1 2
a2 2
#	$OpenBSD: src/usr.bin/ssh/sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $
# $FreeBSD$
d4 2
a5 2
# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.
d67 1
a67 2
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication yes
d71 1
a71 2
# AFSTokenPassing automatically enabled if k_hasafs() is true
#AFSTokenPassing yes
d84 2
@


1.21
log
@Back out previous commit.
@
text
@d2 1
a2 1
#	$FreeBSD$
@


1.20
log
@Change default challenge/response behavior of sshd by popular demand.
This brings us into sync with the behavior of sshd on other Unix platforms.

Submitted by:	Joshua Goodall <joshua@@roughtrade.net>
@
text
@d63 2
a64 2
# Change to yes to enable s/key passwords
#ChallengeResponseAuthentication no
@


1.19
log
@Change the FreeBSD version addendum to "FreeBSD-20020402".  This shortens
the version string to 28 characters, which is below the 40-character limit
specified in the proposed SECSH standard.  Some servers, however (like the
one built into the Foundry BigIron line of switches) will hang when
confronted with a version string longer than 24 characters, so some users
may need to shorten it further.

Sponsored by:	DARPA, NAI Labs
@
text
@d63 2
a64 2
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
@


1.18
log
@Fix conflicts.
@
text
@d15 1
a15 1
#VersionAddendum FreeBSD localisations 20020318
@


1.17
log
@Restore the RSA host key to /etc/ssh/ssh_host_key.
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.16 2001/05/05 13:48:13 green Exp $
d7 11
a17 1
Port 22
d21 10
a30 21
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 120
KeyRegenerationInterval 3600
PermitRootLogin no
# ConnectionsPerPeriod has been deprecated completely

# After 10 unauthenticated connections, refuse 30% of the new ones, and
# refuse any more than 60 total.
MaxStartups 10:30:60
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes
a32 2
SyslogFacility AUTH
LogLevel INFO
d34 4
d39 14
a52 4
RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
d54 4
a57 3
HostbasedAuthentication no
#
RSAAuthentication yes
d60 2
a61 2
PasswordAuthentication yes
PermitEmptyPasswords no
d63 2
a64 2
# Uncomment to disable s/key passwords 
#ChallengeResponseAuthentication no
d66 3
a68 2
# To change Kerberos options
#KerberosAuthentication no
d70 4
a73 2
#AFSTokenPassing no
#KerberosTicketCleanup no
d75 2
a76 2
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
d78 6
a83 1
CheckMail yes
d85 1
d87 4
a90 3
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
d92 1
@


1.16
log
@sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc.
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.15 2001/05/04 04:14:23 green Exp $
a11 1
HostKey /etc/ssh/ssh_host_rsa_key
@


1.15
log
@Fix conflicts for OpenSSH 2.9.
@
text
@d2 1
a2 1
#	$FreeBSD$
d11 3
a13 3
HostKey /etc/ssh_host_key
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key
@


1.14
log
@/Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
and giving a dire error to its lingering users.
@
text
@d1 5
a5 3
# This is ssh server systemwide configuration file.
#
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.13 2000/12/05 02:55:12 green Exp $
d11 3
a13 2
HostKey /etc/ssh/ssh_host_key
HostDsaKey /etc/ssh/ssh_host_dsa_key
d31 1
d43 2
d51 1
d53 1
a53 2
#SkeyAuthentication no
#KbdInteractiveAuthentication yes
d67 5
a71 2
# Uncomment if you want to enable sftp
#Subsystem	sftp	/usr/libexec/sftp-server
@


1.13
log
@Update to OpenSSH 2.3.0 with FreeBSD modifications.  OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd    auth    sufficient      pam_skey.so
sshd    auth    required        pam_unix.so                     try_first_pass
sshd    session required        pam_permit.so

Parts by:	Eivind Eklend <eivind@@FreeBSD.org>
@
text
@d3 1
a3 1
# $FreeBSD$
d15 1
a15 2
# Deprecated: rate-limit sshd connections to 5 connections per 10 seconds
# ConnectionsPerPeriod 5/10
@


1.12
log
@Resolve conflicts and update for OpenSSH 2.2.0

Reviewed by:	gshapiro, peter, green
@
text
@d15 6
a20 2
# Rate-limit sshd connections to 5 connections per 10 seconds
ConnectionsPerPeriod 5/10
d48 1
a63 1
#MaxStartups 10:30:60
@


1.11
log
@Turn on X11Forwarding by default on the server. Any risk is to the client,
where it is already disabled by default.

Reminded by:	peter
@
text
@d3 1
a3 1
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.10 2000/08/23 09:47:25 kris Exp $
d56 4
@


1.10
log
@Increase the default value of LoginGraceTime from 60 seconds to 120
seconds.

PR:		20488
Submitted by:	rwatson
@
text
@d3 1
a3 1
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.9 2000/07/16 05:52:25 peter Exp $
d22 1
a22 1
X11Forwarding no
@


1.9
log
@Forced commit.  This is to try and help folks that used the international
crypto repo and have slightly different files but with the same version.
cvsup in 'checkout mode' has no trouble with this, but cvs can get really
silly about it.
@
text
@d3 1
a3 1
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.8 2000/05/23 06:06:54 ache Exp $
d12 1
a12 1
LoginGraceTime 60
@


1.8
log
@Turn on CheckMail to be more login-compatible by default
@
text
@d3 1
a3 1
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.7 2000/05/18 06:04:23 kris Exp $
@


1.7
log
@Correct two stupid typos in the DSA key location.

Submitted by:	Udo Schweigert <ust@@cert.siemens.de>
@
text
@d3 1
a3 1
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.6 2000/05/15 05:40:27 kris Exp $
d54 1
a54 1
#CheckMail yes
@


1.6
log
@Create a DSA host key if one does not already exist, and teach sshd_config
about it.
@
text
@d3 1
a3 1
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.5 2000/05/15 05:24:25 kris Exp $
d10 1
a10 1
HostKey /etc/ssh/ssh_dsa_host_key
@


1.5
log
@Resolve conflicts and update for FreeBSD.
@
text
@d3 1
a3 1
# $FreeBSD$
d10 1
@


1.4
log
@oops, update path to /etc/ssh/ssh_host_key
@
text
@d3 1
a3 1
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.3 2000/02/24 23:46:38 markm Exp $
d6 1
@


1.4.2.1
log
@MFC: OpenSSH 2.1.0 snapshot
@
text
@d3 1
a3 1
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.8 2000/05/23 06:06:54 ache Exp $
a5 1
#Protocol 2,1
a8 1
HostDsaKey /etc/ssh/ssh_host_dsa_key
d52 1
a52 1
CheckMail yes
@


1.4.2.2
log
@MFC: Sync with recent bugfixes and changes in -current.
@
text
@d3 1
a3 1
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.1 2000/06/09 07:10:22 kris Exp $
d12 1
a12 1
LoginGraceTime 120
d22 1
a22 1
X11Forwarding yes
@


1.4.2.3
log
@MFC: OpenSSH 2.2.0
@
text
@d3 1
a3 1
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.12 2000/09/10 09:35:38 kris Exp $
a55 4

# Uncomment if you want to enable sftp
#Subsystem	sftp	/usr/libexec/sftp-server
#MaxStartups 10:30:60
@


1.4.2.4
log
@MFC: OpenSSH 2.3.0

Reviewed by:	freefall
@
text
@d3 1
a3 1
# $FreeBSD$
d15 2
a16 6
# Deprecated: rate-limit sshd connections to 5 connections per 10 seconds
# ConnectionsPerPeriod 5/10

# After 10 unauthenticated connections, refuse 30% of the new ones, and
# refuse any more than 60 total.
MaxStartups 10:30:60
a43 1
#KbdInteractiveAuthentication yes
d59 1
@


1.4.2.5
log
@MFC: finish deprecating ConnectionsPerPeriod in favor of MaxStartups.
@
text
@d15 2
a16 1
# ConnectionsPerPeriod has been deprecated completely
@


1.4.2.6
log
@MFC: OpenSSH 2.9

The only difference between this and what's in -CURRENT is that the
default /etc/ssh/ssh_config sets "Protocol 1,2" for all hosts.  This can
be overrided entirely in user ~/.ssh/config files, as always.
@
text
@d1 2
a2 1
#	$OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $
a4 3
# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

d10 1
a10 1
HostKey /etc/ssh/ssh_host_dsa_key
a27 1
#PrintLastLog no
a38 2
# similar for protocol version 2
HostbasedAuthentication no
a44 1

d46 2
a47 1
#ChallengeResponseAuthentication no
d61 2
a62 5
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem	sftp	/usr/libexec/sftp-server
@


1.4.2.7
log
@MFC: change default challenge/response behavior of sshd

Submitted by:	Joshua Goodall <joshua@@roughtrade.net>
@
text
@d2 1
a2 1
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.6 2001/09/28 01:33:35 green Exp $
d51 2
a52 2
# Uncomment to enable s/key passwords 
#ChallengeResponseAuthentication yes
@


1.4.2.8
log
@Back out previous commit.
@
text
@d2 1
a2 1
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.7 2002/04/25 05:58:53 jkh Exp $
d51 2
a52 2
# Uncomment to disable s/key passwords 
#ChallengeResponseAuthentication no
@


1.4.2.8.2.1
log
@Merge OpenSSH, OPIE, PAM and a number of dependencies from -STABLE.
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.9 2002/07/03 22:11:44 des Exp $
d4 2
a5 2
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
d7 1
a7 13
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20020629

#Port 22
d11 21
a31 10

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
d34 2
a36 4
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:
d38 4
a41 14
#LoginGraceTime 120
#PermitRootLogin no
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
d43 3
a45 4
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
d48 2
a49 2
#PasswordAuthentication yes
#PermitEmptyPasswords no
d51 2
a52 2
# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes
d54 1
a54 1
# Kerberos options
a56 2
#KerberosTicketCleanup yes

d58 1
d60 2
a61 2
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
d63 1
a63 6
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
a64 2
#UsePrivilegeSeparation no
#Compression yes
d66 3
a68 4
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
a69 1
# override default of no subsystems
@


1.4.2.8.2.2
log
@Update version string.
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.8.2.1 2002/07/16 12:33:10 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20030924
@


1.4.2.9
log
@Synch up to OpenSSH 3.4p1 - very nearly the same sources as in -CURRENT,
with a slightly different config.h to account for differences between
-CURRENT and -STABLE.

Privilege separation defaults to off for now as it breaks some aspects
of Kerberos authentication.

Sponsored by:	DARPA, NAI Labs
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.26 2002/06/30 10:32:09 des Exp $
d4 2
a5 2
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
d7 1
a7 13
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20020629

#Port 22
d11 21
a31 10

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
d34 2
a36 4
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:
d38 4
a41 14
#LoginGraceTime 120
#PermitRootLogin no
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
d43 3
a45 4
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
d48 2
a49 2
#PasswordAuthentication yes
#PermitEmptyPasswords no
d51 2
a52 2
# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes
d54 1
a54 1
# Kerberos options
a56 2
#KerberosTicketCleanup yes

d58 1
d60 2
a61 2
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
d63 1
a63 6
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
a64 2
#UsePrivilegeSeparation no
#Compression yes
d66 3
a68 4
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
a69 1
# override default of no subsystems
@


1.4.2.10
log
@MFC:
  FreeBSD doesn't use the host RSA key by default.

  Revision  Changes    Path
  1.24      +2 -4      src/crypto/openssh/sshd.8
  1.28      +0 -1      src/crypto/openssh/sshd_config
  1.6       +0 -2      src/crypto/openssh/sshd_config.5
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.9 2002/07/03 22:11:44 des Exp $
d27 1
@


1.4.2.10.2.1
log
@Update version string.
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.10 2002/07/26 15:18:32 fanf Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20030924
@


1.4.2.11
log
@MFC: OpenSSH 3.5p1, with all FreeBSD patches.
@
text
@d1 2
a2 2
#	$OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
#	$FreeBSD$
d17 1
a17 1
#VersionAddendum FreeBSD-20021029
d84 1
a84 2
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
@


1.4.2.12
log
@InstaMFC: document the correct VersionAddendum.
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.11 2003/02/03 17:31:08 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20030201
@


1.4.2.12.2.1
log
@Update version string.
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.12 2003/02/11 12:11:54 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20030924
@


1.4.2.13
log
@Update version string.
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.12 2003/02/11 12:11:54 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20030924
@


1.4.2.13.6.1
log
@Correct multiple vulnerabilities in OpenSSH.

Security:	FreeBSD-SA-06:22.openssh
Approved by:	so (simon)
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.13 2003/09/24 19:28:35 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20060930
@


1.4.2.14
log
@Correct multiple vulnerabilities in OpenSSH.

Security:	FreeBSD-SA-06:22.openssh
@
text
@d2 1
a2 1
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.13 2003/09/24 19:28:35 des Exp $
d17 1
a17 1
#VersionAddendum FreeBSD-20060930
@


1.4.2.15
log
@Switch importer
@
text
@d2 1
a2 1
#	$FreeBSD: stable/4/crypto/openssh/sshd_config 162895 2006-09-30 19:57:15Z simon $
@


1.3
log
@remove ports junk
@
text
@d3 1
a3 1
# $FreeBSD$
d8 1
a8 1
HostKey /etc/ssh_host_key
@


1.2
log
@Add the patches fom ports (QV: ports/security/openssh/patches/patch-*)
@
text
@d8 1
a8 1
HostKey __PREFIX__/etc/ssh_host_key
@


1.1
log
@Initial revision
@
text
@d2 2
d8 1
a8 1
HostKey /etc/ssh_host_key
d10 1
a10 1
LoginGraceTime 600
d12 3
a14 2
PermitRootLogin yes
#
@


1.1.1.1
log
@Vendor import of OpenSSH.
@
text
@@


1.1.1.2
log
@Initial import of OpenSSH v2.1.
@
text
@a3 1
#Protocol 2,1
@


1.1.1.3
log
@Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09
@
text
@a51 4

# Uncomment if you want to enable sftp
#Subsystem	sftp	/usr/libexec/sftp-server
#MaxStartups 10:30:60
@


1.1.1.4
log
@Import of OpenSSH 2.3.0 (virgin OpenBSD source release).
@
text
@a39 1
#KbdInteractiveAuthentication yes
@


1.1.1.5
log
@Say "hi" to the latest in the OpenSSH series, version 2.9!

Happy birthday to:	rwatson
@
text
@d1 1
a1 4
#	$OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.
a7 2
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key
a20 1
#PrintLastLog no
a31 2
# similar for protocol version 2
HostbasedAuthentication no
a37 1

d39 2
a40 1
#ChallengeResponseAuthentication no
d54 2
a56 4
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem	sftp	/usr/libexec/sftp-server
@


1.1.1.6
log
@Vendor import of OpenSSH 3.1
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $
d6 1
a6 6
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
d10 18
a27 10

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
d30 2
a32 2
#SyslogFacility AUTH
#LogLevel INFO
d34 4
a37 16
# Authentication:

#LoginGraceTime 600
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
d39 3
a41 4
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
d44 2
a45 2
#PasswordAuthentication yes
#PermitEmptyPasswords no
d47 2
a48 2
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
d50 2
a51 3
# Kerberos options
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication yes
d53 2
a54 4
#KerberosTicketCleanup yes

# AFSTokenPassing automatically enabled if k_hasafs() is true
#AFSTokenPassing yes
d56 2
a57 2
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
d59 1
a59 6
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
d62 3
a64 4
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
a65 1
# override default of no subsystems
@


1.1.1.7
log
@Vendor import of OpenSSH 3.3.
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
d3 2
a4 2
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
d61 2
a62 1
#KerberosAuthentication no
d66 2
a67 1
#AFSTokenPassing no
a78 2
#UsePrivilegeSeparation yes
#Compression yes
@


1.1.1.8
log
@Vendor import of OpenSSH 3.3p1.
@
text
@a5 2
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

a68 4

# Set this to 'yes' to enable PAM keyboard-interactive authentication 
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
@


1.1.1.9
log
@Vendor import of OpenSSH-portable 3.5p1.
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
d35 1
a35 1
#LoginGraceTime 120
d74 1
a74 1
#PAMAuthenticationViaKbdInt no
a83 1
#PermitUserEnvironment no
@


1.1.1.10
log
@Vendor import of OpenSSH 3.7.1p2.
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $
d25 1
a25 1
#KeyRegenerationInterval 1h
d35 1
a35 1
#LoginGraceTime 2m
d43 4
a53 2
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
d67 8
a74 8
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCreds yes

# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication'
#UsePAM yes
a75 2
#AllowTcpForwarding yes
#GatewayPorts no
d86 1
a86 4
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
a87 1

d90 1
@


1.1.1.11
log
@Vendor import of OpenSSH 3.8p1.
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
a63 1
#KerberosGetAFSToken no
d67 1
a67 1
#GSSAPICleanupCredentials yes
d71 2
a72 2
# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
#UsePAM no
d81 1
a81 1
#TCPKeepAlive yes
@


1.1.1.12
log
@Vendor import of OpenSSH 3.9p1.
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
a37 1
#MaxAuthTries 6
d70 3
a72 8
# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication mechanism. 
# Depending on your PAM configuration, this may bypass the setting of 
# PasswordAuthentication, PermitEmptyPasswords, and 
# "PermitRootLogin without-password". If you just want the PAM account and 
# session checks to run without PAM authentication, then enable this but set 
# ChallengeResponseAuthentication=no
@


1.1.1.13
log
@Vendor import of OpenSSH 4.0p1.
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp $
a14 1
#AddressFamily any
@


1.1.1.14
log
@Vendor import of OpenSSH 4.2p1.
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $
d30 1
a30 1
# obsoletes QuietMode and FascistLogging
d93 1
a93 1
#Compression delayed
@


1.1.1.15
log
@Vendor import of OpenSSH 4.3p1.
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
a98 1
#PermitTunnel no
@


1.1.1.16
log
@Vendor import of OpenSSH 4.4p1.
@
text
@d1 1
a1 1
#	$OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
d74 6
a79 7
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
a105 6

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server
@


