4 # Example configuration file. Note that this attempts to present various
5 # configuration possibilities and may not actually give any sensible
6 # configuration. For real life example see the examples/ directory.
8 # Most of the settings in this file are optional. If some setting is
9 # mandatory it is mentioned separately. If some setting is omitted it means
10 # that its builtin default value will be used. Boolean values, that is
11 # setting something on or off, is done by setting either "true" or "false"
12 # value, respectively.
14 # The ServerInfo section is mandatory section. Other sections are optional.
15 # However, if General section is defined it must be defined before the
16 # ConnectionParams sections. On the other hand, the ConnectionParams section
17 # must be defined before Client, ServerConnection or RouterConnection
18 # sections. Other sections can be in free order.
22 # Include global algorithms from the "silcalgs.conf" file. This file
23 # defines ciphers, hash functions, HMACs and PKCS algorithms that can
26 Include "@ETCDIR@/silcalgs.conf";
29 # General configuration options
31 # These defines the default behaviour of the server. Most of these values
32 # can be overridden with ConnectionParams, which can be defined independently
33 # for different connections.
36 # This is the default path where to search modules. If omitted
37 # built-in modules will be used. Built-in modules will also be
38 # used if a module file cannot be located.
39 module_path = "@MODULESDIR@";
41 # If both passphrase and public key authentication is set for a
42 # connection the public key authentication is the preferred one
43 # to use. Set this to `true' to prefer passphrase authentication
44 # over public key authentication in these cases.
45 #prefer_passphrase_auth = true;
47 # Set this to true if the server should require fully qualified
48 # domain names (FQDN) for incoming connections. If true, a host
49 # without FQDN cannot connect to the server.
50 #require_reverse_lookup = true;
52 # Maximum number of incoming connections allowed to this server.
53 # If more attempt to connect they will be refused.
54 connections_max = 1000;
56 # Maximum number of incoming connections allowed per single host.
57 # For example, if this is one (1) it means a host can link only
58 # once to the server. Attempting to connect more than once would be
59 # refused. This can be overridden with ConnectionParams.
60 #connections_max_per_host = 10;
62 # Default keepalive frequency (seconds). This can be overridden
63 # with ConnectionParams.
66 # Default reconnection parameters defines how the server reconnect
67 # to the remote if the connection was lost. The reconnection phase
68 # use so called exponential backoff algorithm; The reconnect
69 # interval grows when reconnect count grows. Next example will
70 # attempt to reconnect after 10 seconds of disconnect, and the
71 # interval grows up to 600 seconds or until 7 times was attempted
72 # to reconnect. These settings has effect only when connecting
75 # reconnect_count - how many times reconnect is attempted
76 # reconnect_interval - how often reconnect it performed (seconds)
77 # reconnect_interval_max - maximum interval for reconnect, the
78 # server never waits longer than this to
79 # reconnect (seconds).
80 # reconnect_keep_trying - whether to keep trying even after
81 # reconnect_count is reached (the interval
82 # will be reconnect_interval_max).
84 # These can be overridden with ConnectionParams.
86 reconnect_interval = 10;
87 reconnect_interval_max = 600;
88 reconnect_keep_trying = true;
90 # Key exchange protocol rekey interval (seconds). How often to
91 # regenerate the session key with the remote. Initiator will perform
92 # the rekey and this setting affects only when connecting as intiator.
93 # This can be overridden with ConnectionParams.
94 #key_exchange_rekey = 3600;
96 # Key exchange with Perfect Forward Secrecy (PFS). This will perform
97 # the rekey process with PFS, making the new key more secure since it
98 # is not dependent in any way of the old key. This will make the rekey
99 # process somewhat slower, than without PFS. This can be overridden
100 # with ConnectionParams.
101 #key_exchange_pfs = true;
103 # Key exchange timeout (seconds). If the key exchange protocol is not
104 # finished in this time period the remote connection will be closed.
105 #key_exchange_timeout = 60;
107 # Connection authentication timeout (seconds). If the connection
108 # authentication protocol is not finished in this time period the
109 # remote connection will be closed.
110 #conn_auth_timeout = 60;
112 # Channel key rekey interval (seconds). How often channel key is
113 # regenerated. Note that channel key is regenerated also always when
114 # someone joins or leaves the channel.
115 #channel_rekey_secs = 3600;
124 # Server FQDN and IP address
126 hostname = "lassi.kuo.fi.ssh.com";
131 # ServerType field specifies the purpose of this server
132 # This is only a descriptive field.
134 ServerType = "Test Server";
137 # Geographic location
139 Location = "Kuopio, Finland";
144 Admin = "Foo T. Bar";
147 # Admin's email address
149 AdminEmail = "foo-admin@bar.com";
152 # Run SILC server as specific user and group. The server must be
153 # initially run as root.
159 # Public and private keys
161 PublicKey = "@ETCDIR@/silcd.pub";
162 PrivateKey = "@ETCDIR@/silcd.prv";
167 # Specifies the text file displayed on client connection
169 #MotdFile = "@ETCDIR@/motd.txt";
174 PidFile = "@PIDFILE@";
180 # This section is used to set various logging files, their paths, maximum
181 # sizes and logging options.
183 # There are only four defined channels allowed for defining (see below).
184 # The log channels have an importance value, and most important channels
185 # are redirected on the less important ones, thus setting a valid logging
186 # file for "Info" will ensure logging for all channels, while setting
187 # logging file for "Errors" will ensure logging for channels "Errors"
191 # If QuickLogs is true, then the logging files will be updated
192 # real-time. This causes a bit more CPU and HDD activity, but
193 # reduces memory usage. By default it is false and log files are
194 # written with FlushDelay timeout.
198 # FlushDelay tells log files update delay (seconds) in case you
199 # have chosen buffering output. This setting has effect only if
200 # the QuickLogs is false.
204 # Informational messages
206 File = "@LOGSDIR@/silcd.log";
212 File = "@LOGSDIR@/silcd_warnings.log";
218 File = "@LOGSDIR@/silcd_errors.log";
224 File = "@LOGSDIR@/silcd_fatals.log";
230 # Connection Parameters
232 # This section defined connection parameters. It is possible to use
233 # specific parameters in different connections, and to define different
234 # parameters to different connections. The parameters can define how the
235 # connection is handled and how the session is managed. If connection
236 # parameters are not used in connections the default values will apply
237 # (or values defined in General section). You can have multiple
238 # ConnectionParams blocks defined.
241 # unique name. The name is used to reference to this parameter
242 # block from the connections. This field is mandatory.
245 # Maximum number of connections allowed. More connections will be
246 # refused. This can be used for example to limit number of clients.
247 # Note that this never can be larger than the connections_max
248 # specified in General section.
249 connections_max = 200;
251 # Maximum number of connections allowed per host. For example, if
252 # this is one (1) it means a host can link only once to the server.
253 # Attempting to link more than once would be refused.
255 # If this connection parameters block is used with incoming server
256 # connections it is recommended that this value is set to one (1).
257 connections_max_per_host = 10;
259 # Keepalive frequency (seconds).
260 keepalive_secs = 300;
262 # Reconnection parameters defines how the server reconnects to
263 # the remote if the connection was lost. The reconnection phase
264 # use so called exponential backoff algorithm; The reconnect
265 # interval grows when reconnect count grows. Next example will
266 # attempt to reconnect after 10 seconds of disconnect, and the
267 # interval grows up to 600 seconds or until 7 times was attempted
268 # to reconnect. These settings has effect only when connecting
271 # reconnect_count - how many times reconnect is attempted
272 # reconnect_interval - how often reconnect it performed (seconds)
273 # reconnect_interval_max - maximum interval for reconnect, the
274 # server never waits longer than this to
275 # reconnect (seconds).
276 # reconnect_keep_trying - whether to keep trying even after
277 # reconnect_count is reached (the interval
278 # will be reconnect_interval_max).
280 reconnect_interval = 10;
281 reconnect_interval_max = 600;
282 reconnect_keep_trying = true;
284 # Key exchange protocol rekey interval (seconds). How often to
285 # regenerate the session key with the remote. Initiator will perform
286 # the rekey and this setting affects only when connecting as initiator.
287 #key_exchange_rekey = 3600;
289 # Key exchange with Perfect Forward Secrecy (PFS). This will perform
290 # the rekey process with PFS, making the new key more secure since it
291 # is not dependent in any way of the old key. This will make the rekey
292 # process somewhat slower, than without PFS.
293 #key_exchange_pfs = true;
296 #connections_interval - incoming connection interval limit ?
300 # Configured client connections.
302 # The "Host" defines the incoming IP address or hostname of the client.
303 # If it is omitted all hosts will match this client connection. The
304 # "Params" is optional and can be used to set specific connection parameters
305 # for this connection.
307 # The authentication data is specified by Passphrase and/or PublicKey.
308 # If both are provided then both password and public key based authentication
309 # is allowed. If the Publickey is used it includes the file path to the
310 # public key file. If none of them is provided then authentication is not
311 # required. The PublicKey can be set multiple times to set multiple
312 # public keys for one connection.
314 # Next example connection will match to all incoming client connections,
315 # and no authentication is required.
319 #Passphrase = "secret";
320 #PublicKey = "/path/to/the/user_my.key";
321 #PublicKey = "/path/to/the/user_221.key";
322 #PublicKey = "/path/to/the/user_313.key";
327 # Configured server administrator connections
329 # The fields "Host", "User", and "Nick", are optional but you are encouraged
330 # in using them to better identify your admins.
332 # The authentication data is specified by Passphrase and/or PublicKey.
333 # If both are provided then both password and public key based authentication
334 # is allowed. If the PublicKey is used it includes the file path to the
335 # public key file. If none of them is provided then authentication is not
342 Passphrase = "verysecret";
343 # PublicKey = "/path/to/the/public.key";
347 # Configured server connections.
349 # If server connections are configured it means that this server is
350 # router server. Normal servers must not configure server connections.
351 # Thus, if this server is not router do not configure this section. If
352 # your server is router, this must be configured.
354 # The authentication data is specified by Passphrase and/or PublicKey.
355 # If both are provided then both password and public key based authentication
356 # is allowed. If the PublicKey is used it includes the file path to the
357 # public key file. If none of them is provided then authentication is not
360 # If the connection is backup connection then set the "Backup" option
361 # to true. For normal connections set it false. If it is set to true then
362 # this server will be backup router.
366 Passphrase = "verysecret";
367 #PublicKey = "/path/to/the/public.key";
373 # Configured router connections
375 # For normal servers only one entry maybe configured to this section. It
376 # must be the router this server will be connected to. For router servers,
377 # this section includes all configured router connections. The first
378 # configured connection is the primary route.
380 # The authentication data is specified by Passphrase and/or PublicKey.
381 # If both are provided then both password and public key based authentication
382 # is allowed. If the PublicKey is used it includes the file path to the
383 # public key file. If none of them is provided then authentication is not
386 # If you are the initiator of the connection then set the "Initiator"
387 # option to true. If you are the responder of the connection (waiting for
388 # incoming connection) then set it to false.
390 # If the connection is backup router connection then set the "BackupHost"
391 # option to the IP address of the router that the backup router will
392 # replace if it becomes unavailable. Set also the router's port to the
393 # "BackupPort" option. For normal connection leave both commented. If this
394 # backup router is in our cell then set the "BackupLocal" option to true.
395 # If the backup router is in other cell then set it to false.
400 Passphrase = "verysecret";
401 #PublicKey = "/path/to/the/public.key";
404 #BackupHost = "10.2.1.6";
412 # These connections are denied to connect to our server.
414 # The "Reason" field is mandatory, while the "Host" field can be omitted to
418 # Host = "10.2.1.99";
419 # Reason = "Go away spammer";
423 # Reason = "You are not welcome.";