4 # Example configuration file. Note that this attempts to present various
5 # configuration possibilities and may not actually give any sensible
6 # configuration. For real life example see the examples/ directory.
10 # Include global algorithms from the "silcalgs.conf" file. This file
11 # defines ciphers, hash functions, HMACs and PKCS algorithms that can
14 Include "@ETCDIR@/silcalgs.conf";
17 # General configuration options
19 # These defines the default behaviour of the server. Most of these values
20 # can be overridden with ConnectionParams, which can be defined independently
21 # for different connections.
24 # This is the default path where to search modules. If omitted
25 # built-in modules will be used. Built-in modules will also be
26 # used if a module file cannot be located.
27 module_path = "@MODULESDIR@";
29 # If both passphrase and public key authentication is set for a
30 # connection the public key authentication is the preferred one
31 # to use. Set this to `true' to prefer passphrase authentication
32 # over public key authentication in these cases.
33 #prefer_passphrase_auth = true;
35 # Set this to true if the server should require fully qualified
36 # domain names (FQDN) for incoming connections. If true, a host
37 # without FQDN cannot connect to the server.
38 #require_reverse_lookup = true;
40 # Maximum number of incoming connections allowed to this server.
41 # If more attempt to connet they will be refused.
42 connections_max = 1000;
44 # Maximum number of incoming connections allowed per single host.
45 # For example, if this is one (1) it means a host can link only
46 # once to the server. Attempting to connect more than once would be
47 # refused. This can be overridden with ConnectionParams.
48 #connections_max_per_host = 10;
50 # Default keepalive frequency (seconds). This can be overridden
51 # with ConnectionParams.
54 # Default reconnection parameters defines how the server reconnect
55 # to the remote if the connection was lost. The reconnection phase
56 # use so called exponential backoff algorithm; The reconnect
57 # interval grows when reconnect count grows. Next example will
58 # attempt to reconnect after 10 seconds of disconnect, and the
59 # interval grows up to 600 seconds or until 7 times was attempted
60 # to reconnect. These settings has effect only when connecting
63 # reconnect_count - how many times reconnect is attempted
64 # reconnect_interval - how often reconnect it performed (seconds)
65 # reconnect_interval_max - maximum interval for reconnect, the
66 # server never waits longer than this to
67 # reconnect (seconds).
68 # reconnect_keep_trying - whether to keep trying even after
69 # reconnect_count is reached (the interval
70 # will be reconnect_interval_max).
72 # These can be overridden with ConnectionParams.
74 reconnect_interval = 10;
75 reconnect_interval_max = 600;
76 reconnect_keep_trying = true;
78 # Key exchange protocol rekey interval (seconds). How often to
79 # regenerate the session key with the remote. Initiator will perform
80 # the rekey and this setting affects only when connecting as intiator.
81 # This can be overridden with ConnectionParams.
82 #key_exchange_rekey = 3600;
84 # Key exchange with Perfect Forward Secrecy (PFS). This will perform
85 # the rekey process with PFS, making the new key more secure since it
86 # is not dependent in any way of the old key. This will make the rekey
87 # process somewhat slower, than without PFS. This can be overridden
88 # with ConnectionParams.
89 #key_exchange_pfs = true;
91 # Key exchange timeout (seconds). If the key exchange protocol is not
92 # finished in this time period the remote connection will be closed.
93 #key_exchange_timeout = 60;
95 # Connection authentication timeout (seconds). If the connection
96 # authentication protocol is not finished in this time period the
97 # remote connection will be closed.
98 #conn_auth_timeout = 60;
100 # Channel key rekey interval (seconds). How often channel key is
101 # regenerated. Note that channel key regenerated also always when
102 # someone joins or leaves the channel.
103 #channel_rekey_secs = 3600;
112 # Server FQDN and IP address
114 hostname = "lassi.kuo.fi.ssh.com";
119 # ServerType field specifies the purpose of this server
120 # This is only a descriptive field.
122 ServerType = "Test Server";
125 # Geographic location
127 Location = "Kuopio, Finland";
132 Admin = "Foo T. Bar";
135 # Admin's email address
137 AdminEmail = "foo-admin@bar.com";
140 # Run SILC server as specific user and group. The server must be
141 # initially run as root.
147 # Public and private keys
149 PublicKey = "@ETCDIR@/silcd.pub";
150 PrivateKey = "@ETCDIR@/silcd.prv";
155 # Specifies the text file displayed on client connection
157 #MotdFile = "@ETCDIR@/motd.txt";
162 PidFile = "@PIDFILE@";
168 # This section is used to set various logging files, their paths, maximum
169 # sizes and logging options.
171 # There are only four defined channels allowed for defining (see below).
172 # The log channels have an importance value, and most important channels
173 # are redirected on the less important ones, thus setting a valid logging
174 # file for "infologfile" will ensure logging for all channels, while setting
175 # logging file for "errorlogfile" will ensure logging for channels "error"
180 # If QuickLogs is true, then the logging files will be updated
181 # real-time. This causes a bit more CPU and HDD activity, but
182 # reduces memory usage. (if unsure say true).
187 # (Only if QuickLogs is false)
188 # FlushDelay tells log files update delay in case you have chosen
194 File = "@LOGSDIR@/silcd.log";
198 File = "@LOGSDIR@/silcd_warnings.log";
202 File = "@LOGSDIR@/silcd_errors.log";
206 File = "@LOGSDIR@/silcd_fatals.log";
212 # Connection Parameters
214 # This section defined connection parameters. It is possible to use
215 # specific parameters in different connections, and to define different
216 # parameters to different connections. The parameters can define how the
217 # connection is handled and how the session is managed. If connection
218 # parameters are not used in connections the default values will apply
219 # (or values defined in General section). You can have multiple
220 # ConnectionParams blocks defined.
223 # unique name. The name is used to reference to this parameter
224 # block from the connections. This field is mandatory.
227 # Maximum number of connections allowed. More connections will be
228 # refused. This can be used for example to limit number of clients.
229 # Note that this never can be larger than the connections_max
230 # specified in General section.
231 connections_max = 200;
233 # Maximum number of connections allowed per host. For example, if
234 # this is one (1) it means a host can link only once to the server.
235 # Attempting to link more than once would be refused.
237 # If this connection parameters block is used with incoming server
238 # connections it is recommended that this value is set to one (1).
239 connections_max_per_host = 10;
241 # Keepalive frequency (seconds).
242 keepalive_secs = 300;
244 # Reconnection parameters defines how the server reconnects to
245 # the remote if the connection was lost. The reconnection phase
246 # use so called exponential backoff algorithm; The reconnect
247 # interval grows when reconnect count grows. Next example will
248 # attempt to reconnect after 10 seconds of disconnect, and the
249 # interval grows up to 600 seconds or until 7 times was attempted
250 # to reconnect. These settings has effect only when connecting
253 # reconnect_count - how many times reconnect is attempted
254 # reconnect_interval - how often reconnect it performed (seconds)
255 # reconnect_interval_max - maximum interval for reconnect, the
256 # server never waits longer than this to
257 # reconnect (seconds).
258 # reconnect_keep_trying - whether to keep trying even after
259 # reconnect_count is reached (the interval
260 # will be reconnect_interval_max).
262 reconnect_interval = 10;
263 reconnect_interval_max = 600;
264 reconnect_keep_trying = true;
266 # Key exchange protocol rekey interval (seconds). How often to
267 # regenerate the session key with the remote. Initiator will perform
268 # the rekey and this setting affects only when connecting as initiator.
269 #key_exchange_rekey = 3600;
271 # Key exchange with Perfect Forward Secrecy (PFS). This will perform
272 # the rekey process with PFS, making the new key more secure since it
273 # is not dependent in any way of the old key. This will make the rekey
274 # process somewhat slower, than without PFS.
275 #key_exchange_pfs = true;
278 #connections_interval - incoming connection interval limit ?
282 # Configured client connections.
284 # The "host" defines the incoming IP address or hostname of the client.
285 # If it is omitted all hosts will match this client connection. The
286 # "param" is optional and can be used to set specific connection parameters
287 # for this connection.
289 # The authentication data is specified by Passphrase and/or Publickey.
290 # If both are provided then both password and public key based authentication
291 # is allowed. If the Publickey is used it includes the file path to the
292 # public key file. If none of them is provided then authentication is not
295 # Next example connection will match to all incoming client connections,
296 # and no authentication is required
300 #Passphrase = "secret";
301 #PublicKey = "/path/to/the/public.key";
306 # Configured server administrator connections
308 # The fields "Host", "User", and "Nick", are optional but you are encouraged
309 # in using them to better identify your admins.
311 # The authentication data is specified by Passphrase and/or Publickey.
312 # If both are provided then both password and public key based authentication
313 # is allowed. If the Publickey is used it includes the file path to the
314 # public key file. If none of them is provided then authentication is not
321 Passphrase = "verysecret";
322 # Publickey = "/path/to/the/public.key";
326 # Configured server connections.
328 # If server connections are configured it means that this server is
329 # router server. Normal servers must not configure server connections.
330 # Thus, if this server is not router do not configure this section. If
331 # your server is router, this must be configured.
333 # The authentication data is specified by Passphrase and/or Publickey.
334 # If both are provided then both password and public key based authentication
335 # is allowed. If the Publickey is used it includes the file path to the
336 # public key file. If none of them is provided then authentication is not
339 # If the connection is backup connection then set the "Backup" option
340 # to true. For normal connections set it false. If it is set to true then
341 # this server will be backup router.
345 Passphrase = "verysecret";
346 #Publickey = "/path/to/the/public.key";
353 # Configured router connections
355 # For normal servers only one entry maybe configured to this section. It
356 # must be the router this server will be connected to. For router servers,
357 # this section includes all configured router connections. The first
358 # configured connection is the primary route.
360 # The authentication data is specified by Passphrase and/or Publickey.
361 # If both are provided then both password and public key based authentication
362 # is allowed. If the Publickey is used it includes the file path to the
363 # public key file. If none of them is provided then authentication is not
366 # If you are the initiator of the connection then set the "Initiator"
367 # option to true. If you are the responder of the connection (waiting for
368 # incoming connection) then set it to false.
370 # If the connection is backup router connection then set the "BackupHost"
371 # option to the IP address of the router that the backup router will
372 # replace if it becomes unavailable. Set also the router's port to the
373 # "BackupPort" option. For normal connection leave both commented. If this
374 # backup router is in our cell then set the "LocalBackup" option to true.
375 # If the backup router is in other cell then set it to false.
380 Passphrase = "verysecret";
381 #Publickey = "/path/to/the/public.key";
385 #BackupHost = "10.2.1.6";
393 # These connections are denied to connect to our server.
395 # The "Reason" field is mandatory, while the "Host" and "Port" fields can be
396 # omitted to match everything.
399 # Host = "10.2.1.99";
401 # Reason = "Go away spammer";
405 # Reason = "You are not welcome.";