# # Example configuration file. Note that this attempts to present various # configuration possibilities and may not actually give any sensible # configuration. For real life example see the examples/ directory. # # # General configuration options # General { # This is the default path where to search modules # You can comment it out to use builtin modules globally. module_path = "@MODULESDIR@"; # If both passphrase and public key authentication is set for a # connection the public key authentication is the preferred one # to use. Set this to `true' to prefer passphrase authentication # over public key authentication in these cases. # # prefer_passphrase_auth = true; }; # # Configured ciphers # # The "Module" option can be either absolute or relative to the "ModulePath" # option. # If commented out forces using of built-in modules. # cipher { name = "aes-256-cbc"; module = "aes.sim.so"; keylength = 32; blocklength = 16; }; cipher { name = "aes-192-cbc"; module = "aes.sim.so"; keylength = 24; blocklength = 16; }; cipher { name = "aes-128-cbc"; module = "aes.sim.so"; keylength = 16; blocklength = 16; }; cipher { name = "twofish-256-cbc"; module = "twofish.sim.so"; keylength = 32; blocklength = 16; }; cipher { name = "twofish-192-cbc"; module = "twofish.sim.so"; keylength = 24; blocklength = 16; }; cipher { name = "twofish-128-cbc"; module = "twofish.sim.so"; keylength = 16; blocklength = 16; }; cipher { name = "mars-256-cbc"; module = "mars.sim.so"; keylength = 32; blocklength = 16; }; cipher { name = "mars-192-cbc"; module = "mars.sim.so"; keylength = 24; blocklength = 16; }; cipher { name = "mars-128-cbc"; module = "mars.sim.so"; keylength = 16; blocklength = 16; }; cipher { name = "none"; module = "none.sim.so"; }; # # Configured hash functions # hash { name = "sha1"; blocklength = 64; digestlength = 20; }; hash { name = "md5"; blocklength = 64; digestlength = 16; }; # # Configured HMAC functions. The hash function used in the HMAC must # be configured in the hash section. # hmac { name = "hmac-sha1-96"; hash = "sha1"; maclength = 12; }; hmac { name = "hmac-md5-96"; hash = "md5"; maclength = 12; }; hmac { name = "hmac-sha1"; hash = "sha1"; maclength = 20; }; hmac { name = "hmac-md5"; hash = "md5"; maclength = 16; }; # # Configured PKCS # PKCS { name = "rsa"; }; # # Server information # ServerInfo { # # Server FQDN and IP address # hostname = "lassi.kuo.fi.ssh.com"; ip = "10.2.1.6"; port = 706; # # ServerType field specifies the purpose of this server # This is only a descriptive field. # ServerType = "Test Server"; # # Geographic location # Location = "Kuopio, Finland"; # # Full admin name # Admin = "Pekka Riikonen"; # # Admin's email address # EMail = "priikone@poseidon.pspt.fi"; # # Run SILC server as specific user and group. The server must be # initially run as root. # User = "nobody"; Group = "nobody"; # # Public and private keys # PublicKey = "@ETCDIR@/silcd.pub"; PrivateKey = "@ETCDIR@/silcd.prv"; # # Motd file # # Specifies the text file displayed on client connection # #MotdFile = "@ETCDIR@/motd.txt"; # # Pid file # PidFile = "@PIDFILE@"; }; # # Log files. # # This section is used to set various logging files, their paths, maximum # sizes and logging options. # There are only four defined channels allowed for defining (see below). # The log channels have an importance value, and most important channels # are redirected on the less important ones, thus setting a valid logging # file for "infologfile" will ensure logging for all channels, while setting # logging file for "errorlogfile" will ensure logging for channels "error" # and "fatal" # Logging { # # If QuickLogs is true, then the logging files will be updated # real-time. This causes a bit more CPU and HDD activity, but # reduces memory usage. (if unsure say true). # QuickLogs = false; # # (Only if QuickLogs is false) # FlushDelay tells log files update delay in case you have chosen # buffering output. # FlushDelay = 180; Info { File = "@LOGSDIR@/silcd.log"; Size = "50k"; }; Warnings { File = "@LOGSDIR@/silcd_warnings.log"; Size = "50k"; }; Errors { File = "@LOGSDIR@/silcd_errors.log"; Size = "50k"; }; Fatals { File = "@LOGSDIR@/silcd_fatals.log"; Size = "50k"; }; }; # # Connection classes (UNSUPPORTED) # # This section is used to define connection classes. These can be # used to optimize the server and the connections. # #Class { # Name = "norm"; # Ping = 100; # Connect = 100; # Links = 100; #}; # # Configured client connections. # # All fields except Class are optional. Omitted fields are assumed # to be generic (e.g. if the "Host" field is omitted all hosts will match # this client class). # #Client { # Host = "127.0.0.1"; # Port = 706; # Class = "local"; #}; Client { Port = 706; Class = "norm"; }; # # Configured server administrator connections # # The fields "Host", "User", and "Nick", are optional but you are encouraged # in using them to better identify your admins. # # The authentication data is specified by Passphrase and/or Publickey. # If both are provided then both password and public key based authentication # is allowed. If the Publickey is used it includes the file path to the # public key file. If none of them is provided then authentication is not # required. # Admin { Host = "10.2.1.199"; User = "priikone"; Nick = "pekka"; Passphrase = "verysecret"; # Publickey = "/path/to/the/public.key"; }; # # Denied connections # # These connections are denied to connect to our server. # # The "Reason" field is mandatory, while the "Host" and "Port" fields can be # omitted to match everything. # #Deny { # Host = "10.2.1.99"; # Port = 706; # Reason = "Go away spammer"; #}; #Deny { # Host = "10.3.*"; # Reason = "You are not welcome."; #}; # # Configured server connections. # # If server connections are configured it means that this server is # router server. Normal servers must not configure server connections. # Thus, if this server is not router do not configure this section. If # your server is router, this must be configured. # # The authentication data is specified by Passphrase and/or Publickey. # If both are provided then both password and public key based authentication # is allowed. If the Publickey is used it includes the file path to the # public key file. If none of them is provided then authentication is not # required. # # If the connection is backup connection then set the "Backup" option # to true. For normal connections set it false. If it is set to true then # this server will be backup router. # ServerConnection { Host = "10.2.1.7"; Passphrase = "verysecret"; # Publickey = "/path/to/the/public.key"; VersionID = 1; Class = "norm"; Backup = false; }; # # Configured router connections # # For normal servers only one entry maybe configured to this section. It # must be the router this server will be connected to. For router servers, # this section includes all configured router connections. The first # configured connection is the primary route. # # The authentication data is specified by Passphrase and/or Publickey. # If both are provided then both password and public key based authentication # is allowed. If the Publickey is used it includes the file path to the # public key file. If none of them is provided then authentication is not # required. # # If you are the initiator of the connection then set the "Initiator" # option to true. If you are the responder of the connection (waiting for # incoming connection) then set it to false. # # If the connection is backup router connection then set the "BackupHost" # option to the IP address of the router that the backup router will # replace if it becomes unavailable. Set also the router's port to the # "BackupPort" option. For normal connection leave both commented. If this # backup router is in our cell then set the "LocalBackup" option to true. # If the backup router is in other cell then set it to false. # RouterConnection { Host = "10.2.1.100"; Port = 706; Passphrase = "verysecret"; # Publickey = "/path/to/the/public.key"; VersionID = 1; Class = "norm"; Initiator = true; #BackupHost = "10.2.1.6"; #BackupPort = 706; #LocalBackup = true; };