1*67d48a8aSchristos# $NetBSD: sshd_config.in,v 1.2 2021/09/21 15:56:55 christos Exp $ 2e7ac4039Spooka 3e7ac4039Spooka# Basic settings. 4e7ac4039SpookaPort 22 5e7ac4039SpookaProtocol 2 6e7ac4039Spooka 7e7ac4039Spooka# Provide information to the user in case something goes wrong. 8e7ac4039SpookaLogLevel DEBUG1 9e7ac4039Spooka 10e7ac4039Spooka# The host key. It lives in the work directory because we need to set 11e7ac4039Spooka# very strict permissions on it and cannot modify the copy on the source 12e7ac4039Spooka# directory. 13e7ac4039SpookaHostKey @WORKDIR@/ssh_host_key 14e7ac4039Spooka 15e7ac4039Spooka# The authorized keys file we set up during the test to allow the client 16e7ac4039Spooka# to safely log in. We need to disable strict modes because ATF_WORKDIR 17e7ac4039Spooka# usually lives in /tmp, which has 1777 permissions and are not liked by 18e7ac4039Spooka# sshd. 19e7ac4039SpookaAuthorizedKeysFile @WORKDIR@/authorized_keys 20e7ac4039SpookaStrictModes no 21e7ac4039Spooka 22e7ac4039Spooka# Some settings to allow user runs of sshd. 23e7ac4039SpookaPidFile @WORKDIR@/sshd.pid 24e7ac4039SpookaUsePam no 25e7ac4039Spooka 26e7ac4039Spooka# The root user should also be able to run the tests. 27e7ac4039SpookaPermitRootLogin yes 28e7ac4039Spooka 29e7ac4039Spooka# Be restrictive about access to the temporary server. Only allow key-based 30e7ac4039Spooka# authentication. 31e7ac4039SpookaChallengeResponseAuthentication no 32e7ac4039SpookaGSSAPIAuthentication no 33e7ac4039SpookaHostbasedAuthentication no 34e7ac4039SpookaKerberosAuthentication no 35e7ac4039SpookaMaxAuthTries 1 36e7ac4039SpookaMaxStartups 1 37e7ac4039SpookaPasswordAuthentication no 38e7ac4039SpookaPubkeyAuthentication yes 39