Full example file for SYS:system\ssh\sshd_config

  • 7004885
  • 18-Nov-2009
  • 26-Apr-2012

Environment

Novell NetWare 6.5 Support Pack 8

Situation

There may be cases where a support pack does not update sys:\system\ssh\sshd_config to show newly available configuration options.

Resolution

Here is a full example of the sshd_config file, as of NetWare 6.5 Support Pack 8:
 
# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
# NWConfVersion = 21
 
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
 
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
 
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.
 
# Listening endpoint and accepted SSH protocol versions.
Port 22
# NOTE(review): "2,1" accepts the legacy SSH protocol 1 in addition to
# protocol 2. Protocol 1 has known cryptographic weaknesses; if every
# client in use supports protocol 2, "Protocol 2" removes that exposure.
Protocol 2,1
# 0.0.0.0 listens on every IPv4 interface. On a multi-homed server, naming
# a specific management address limits where the service is reachable.
ListenAddress 0.0.0.0
#ListenAddress ::
 
# Private host keys. Anyone able to read these files can impersonate the
# server, so file-system rights on them should be limited to administrators.
# HostKey for protocol version 1
# (only needed while the Protocol line still lists version 1)
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
 
# Lifetime and size of ephemeral version 1 server key
# Per sshd_config(5) the interval is in seconds and the size in bits; both
# options apply to protocol 1 only.
# NOTE(review): 768 bits is small by current standards. Raising it helps
# only as long as protocol 1 stays enabled; dropping protocol 1 makes both
# options irrelevant.
KeyRegenerationInterval 3600
ServerKeyBits 768
 
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
LogLevel INFO
# LogPath and the three rotation options below are not stock OpenSSH
# options; they appear to be additions in the NetWare port.
# NOTE(review): this file does not state their units (presumably a file
# count, a size in MB and an interval in hours) - confirm against the
# product documentation. If local retention is short, copy the logs off
# the server before rotation discards them.
LogPath sys:/etc/ssh/logs
LogMaxRotateFiles 7
LogMaxFileSize 4
LogRotationInterval 24
 
# Authentication:
 
# Seconds a connection may stay open without completing authentication.
# NOTE(review): 600 is generous; a shorter window limits how long
# unauthenticated connections can hold server resources.
LoginGraceTime 600
#PermitRootLogin yes
#StrictModes yes
 
# RSAAuthentication applies to protocol 1, PubkeyAuthentication to
# protocol 2.
RSAAuthentication yes
PubkeyAuthentication yes
# NOTE(review): this path carries no per-user token, so it looks like one
# server-wide key file - confirm how this port maps keys to users, and
# restrict write access to the file, since it decides who may log in.
AuthorizedKeysFile /etc/ssh/keys/authorized_keys
 
# Change to yes if you don't trust /etc/ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts no
 
# To disable tunneled clear text passwords, change to no here!
# NOTE(review): while password logins stay enabled, the directory's
# account lockout / intruder detection policy is the main control against
# password guessing. Confirm that key-based login works in this port
# before switching passwords off.
PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
# NOTE(review): challenge-response can also carry a password prompt, so
# review this setting together with PasswordAuthentication.
ChallengeResponseAuthentication yes
 
# Session liveness and forwarding behaviour.
# Per sshd_config(5) the server sends a probe after ClientAliveInterval
# seconds of silence and disconnects after ClientAliveCountMax unanswered
# probes: here roughly 10 x 6 = 60 seconds for an unresponsive client.
ClientAliveInterval 10
ClientAliveCountMax 6
KeepAlive yes
Compression yes
# NOTE(review): TCP forwarding lets any authenticated user relay
# connections through this server. If the service is meant only for file
# transfer or console access, "no" removes that pivot path.
AllowTcpForwarding yes
# "no" keeps remotely forwarded ports bound to the loopback address.
GatewayPorts no
VerifyReverseMapping no
 
# no default banner path
# (a banner is shown before authentication; it is the usual place for a
# site's authorized-use notice)
#Banner /some/path
 
# override default of no subsystems
# Registers the "sftp" subsystem and points it at the sftp-svr NLM.
Subsystem sftp SYS:/SYSTEM/sftp-svr.nlm
 
#eDir (Novell Directory Services) specific options
#eDirNameContext <Your-Context>
 
# Multi server navigation, default yes
#  yes, path is /servername/volume/dirpath
#  no, path is /volume/dirpath
# NOTE(review): with "yes", SFTP paths can name other servers. Presumably
# access is still bounded by the user's file-system rights - confirm, and
# set "no" if users should reach this server only.
DoSFTPMultiServerNavigation yes
 
# NOTE(review): unit not stated in this file - presumably seconds; confirm.
ldaptimeout    10
 
# Ignore users home dir unless on destination server, default no
IgnoreRemoteHomeDir no
 
# Proxy user and password for ldap searches, useful when
# anon binds are disabled. Name must be fully qualified
# NOTE(review): if enabled, this file holds a directory credential in
# clear text. Give the proxy user only the search rights it needs and
# limit read access to this file to administrators.
#ProxyName <Your-FDN>
#ProxyPassword <Your-password>
 
# Allow SSH console session access, default yes
# NOTE(review): if the server is used for SFTP only, "no" presumably
# leaves file transfer working while closing console access - confirm.
AllowSSHSessions yes
 
# Restrict users to their home directory and below, default no
# NOTE(review): with "no", users can browse outside their home directory
# (presumably still subject to their file-system rights - confirm).
# "yes" is the tighter setting for ordinary file-transfer users.
RestrictToHomeDir no
 
# File that contains list of users that are not restricted
# (this file decides who is exempt from RestrictToHomeDir, so write access
# to it should be limited to administrators)
UnrestrictFile /etc/ssh/unrestrict.txt
 
# Ignore all eDir home directory settings, use default settings, default no
IgnoreAllHomeDir no
 
# Default settings for user without a home directory
#  or when IgnoreAllHomeDir is yes, no defaults
#DefaultUserHomeDir /public
#DefaultUserHomeVolume sys
#DefaultUserHomeServer rhost
 
# File name transactions are done using UTF8
#  default no
SSHDSendUTF8FileNames no
     
# Space-separated list of UTF8-aware clients. UTF8 file names are sent to
#  the clients in this list if SSHDSendUTF8FileNames is 'yes'. If
#  SSHDSendUTF8FileNames is 'yes' and this list is empty, then all clients
#  are considered UTF8 aware.
#UTF8AwareClients WinSCP_release_3.7.6
 
# Space separated list of CommonName:FullDistinguishedName pairs. Common name
#  used during login will be converted to the FDN for authentication purposes.
# No default, maximum of 16
# NOTE(review): each pair decides which directory object a login name
# authenticates as, so changes to this list deserve the same review as
# changes to account mappings.
#edirAliasUserNames jack:cn=jack,o=novell ron:cn=ron,o=novell