4 # Example configuration file. Note that this attempts to present various
5 # configuration possibilities and may not actually give any sensible
6 # configuration. For real life example see the examples/ directory.
10 # Include global algorithms from the "silcalgs.conf" file. This file
11 # defines ciphers, hash functions, HMACs and PKCS algorithms that can
14 Include "@ETCDIR@/silcalgs.conf";
17 # General configuration options
19 # These defines the default behaviour of the server. Most of these values
20 # can be overridden with ConnectionParam, which can be defined independently
21 # for different connections.
24 # This is the default path where to search modules. If omitted
25 # built-in modules will be used. Built-in modules will also be
26 # used if a module file cannot be located.
27 module_path = "@MODULESDIR@";
29 # If both passphrase and public key authentication is set for a
30 # connection the public key authentication is the preferred one
31 # to use. Set this to `true' to prefer passphrase authentication
32 # over public key authentication in these cases.
33 #prefer_passphrase_auth = true;
35 # Set this to true if you the server to require fully qualified
36 # domain names (FQDN) for incoming connections.
37 #require_reverse_lookup = false;
39 # Default keepalive frequency (seconds). This can be overridden
40 # with ConnectionParam.
43 # Default reconnection parameters defines how the server reconnect
44 # to the remote if the connection was lost. The reconnection phase
45 # use so called exponential backoff algorithm; The reconnect
46 # interval grows when reconnect count grows. Next example will
47 # attempt to reconnect after 10 seconds of disconnect, and the
48 # interval grows up to 600 seconds or until 7 times was attempted
51 # reconnect_count - how many times reconnect is attempted
52 # reconnect_interval - how often reconnect it performed (seconds)
53 # reconnect_interval_max - maximum interval for reconnect, the
54 # server never waits longer than this to
55 # reconnect (seconds).
56 # reconnect_keep_trying - whether to keep trying even after
57 # reconnect_count is reached (the interval
58 # will be reconnect_interval_max).
60 # These can be overridden with ConnectionParam.
62 reconnect_interval = 10;
63 reconnect_interval_max = 600;
64 reconnect_keep_trying = true;
72 # Server FQDN and IP address
74 hostname = "lassi.kuo.fi.ssh.com";
79 # ServerType field specifies the purpose of this server
80 # This is only a descriptive field.
82 ServerType = "Test Server";
87 Location = "Kuopio, Finland";
92 Admin = "Pekka Riikonen";
95 # Admin's email address
97 EMail = "priikone@poseidon.pspt.fi";
100 # Run SILC server as specific user and group. The server must be
101 # initially run as root.
107 # Public and private keys
109 PublicKey = "@ETCDIR@/silcd.pub";
110 PrivateKey = "@ETCDIR@/silcd.prv";
115 # Specifies the text file displayed on client connection
117 #MotdFile = "@ETCDIR@/motd.txt";
122 PidFile = "@PIDFILE@";
128 # This section is used to set various logging files, their paths, maximum
129 # sizes and logging options.
130 # There are only four defined channels allowed for defining (see below).
131 # The log channels have an importance value, and most important channels
132 # are redirected on the less important ones, thus setting a valid logging
133 # file for "infologfile" will ensure logging for all channels, while setting
134 # logging file for "errorlogfile" will ensure logging for channels "error"
139 # If QuickLogs is true, then the logging files will be updated
140 # real-time. This causes a bit more CPU and HDD activity, but
141 # reduces memory usage. (if unsure say true).
146 # (Only if QuickLogs is false)
147 # FlushDelay tells log files update delay in case you have chosen
153 File = "@LOGSDIR@/silcd.log";
157 File = "@LOGSDIR@/silcd_warnings.log";
161 File = "@LOGSDIR@/silcd_errors.log";
165 File = "@LOGSDIR@/silcd_fatals.log";
171 # Connection Parameters
173 # This section defined connection parameters. It is possible to use
174 # specific parameters in different connections, and to define different
175 # parameters to different connections. The parameters can define how the
176 # connection is handled and how the session is managed. If connection
177 # parameters are not used in connections the default values will apply
178 # (or values defined in General section). You can have multiple
179 # ConnectionParams blocks defined.
182 # unique name. The name is used to reference to this parameter
183 # block from the connections.
186 # Keepalive frequency (seconds).
187 keepalive_secs = 300;
189 # Reconnection parameters defines how the server reconnects to
190 # the remote if the connection was lost. The reconnection phase
191 # use so called exponential backoff algorithm; The reconnect
192 # interval grows when reconnect count grows. Next example will
193 # attempt to reconnect after 10 seconds of disconnect, and the
194 # interval grows up to 600 seconds or until 7 times was attempted
197 # reconnect_count - how many times reconnect is attempted
198 # reconnect_interval - how often reconnect it performed (seconds)
199 # reconnect_interval_max - maximum interval for reconnect, the
200 # server never waits longer than this to
201 # reconnect (seconds).
202 # reconnect_keep_trying - whether to keep trying even after
203 # reconnect_count is reached (the interval
204 # will be reconnect_interval_max).
206 reconnect_interval = 10;
207 reconnect_interval_max = 600;
208 reconnect_keep_trying = true;
211 #key_exchange_rekey - rekey timeout
212 #key_exchange_pfs - rekey PFS
213 #key_exchange_mutual_auth - SKE mutual auth
215 #connections_max - max incoming connection
216 #connections_interval - incoming connection interval limit ?
220 # Configured client connections.
222 # The "host" defines the incoming IP address or hostname of the client.
223 # If it is omitted all hosts will match this client connection. The
224 # "param" is optional and can be used to set specific connection parameters
225 # for this connection.
227 # The authentication data is specified by Passphrase and/or Publickey.
228 # If both are provided then both password and public key based authentication
229 # is allowed. If the Publickey is used it includes the file path to the
230 # public key file. If none of them is provided then authentication is not
233 # Next example connection will match to all incoming client connections,
234 # and no authentication is required
238 #passphrase = "secret";
239 #publickey = "/path/to/the/public.key";
244 # Configured server administrator connections
246 # The fields "Host", "User", and "Nick", are optional but you are encouraged
247 # in using them to better identify your admins.
249 # The authentication data is specified by Passphrase and/or Publickey.
250 # If both are provided then both password and public key based authentication
251 # is allowed. If the Publickey is used it includes the file path to the
252 # public key file. If none of them is provided then authentication is not
259 Passphrase = "verysecret";
260 # Publickey = "/path/to/the/public.key";
264 # Configured server connections.
266 # If server connections are configured it means that this server is
267 # router server. Normal servers must not configure server connections.
268 # Thus, if this server is not router do not configure this section. If
269 # your server is router, this must be configured.
271 # The authentication data is specified by Passphrase and/or Publickey.
272 # If both are provided then both password and public key based authentication
273 # is allowed. If the Publickey is used it includes the file path to the
274 # public key file. If none of them is provided then authentication is not
277 # If the connection is backup connection then set the "Backup" option
278 # to true. For normal connections set it false. If it is set to true then
279 # this server will be backup router.
283 Passphrase = "verysecret";
284 # Publickey = "/path/to/the/public.key";
291 # Configured router connections
293 # For normal servers only one entry maybe configured to this section. It
294 # must be the router this server will be connected to. For router servers,
295 # this section includes all configured router connections. The first
296 # configured connection is the primary route.
298 # The authentication data is specified by Passphrase and/or Publickey.
299 # If both are provided then both password and public key based authentication
300 # is allowed. If the Publickey is used it includes the file path to the
301 # public key file. If none of them is provided then authentication is not
304 # If you are the initiator of the connection then set the "Initiator"
305 # option to true. If you are the responder of the connection (waiting for
306 # incoming connection) then set it to false.
308 # If the connection is backup router connection then set the "BackupHost"
309 # option to the IP address of the router that the backup router will
310 # replace if it becomes unavailable. Set also the router's port to the
311 # "BackupPort" option. For normal connection leave both commented. If this
312 # backup router is in our cell then set the "LocalBackup" option to true.
313 # If the backup router is in other cell then set it to false.
318 Passphrase = "verysecret";
319 # Publickey = "/path/to/the/public.key";
323 #BackupHost = "10.2.1.6";
331 # These connections are denied to connect to our server.
333 # The "Reason" field is mandatory, while the "Host" and "Port" fields can be
334 # omitted to match everything.
337 # Host = "10.2.1.99";
339 # Reason = "Go away spammer";
343 # Reason = "You are not welcome.";