# SSH CONFIGURATION FILE FORMAT VERSION 1.1
# REGEX-SYNTAX egrep
# end of metaconfig
# (do not change above lines!)

#
# File name:      SSH2_CONFIG.
# Product:        HP TCP/IP Services for OpenVMS
# Version:        V5.7-13
#
# © Copyright 1976, 2009 Hewlett-Packard Development Company, L.P.
#

#
# ssh 3.2 client configuration information
#
# Note: ".*" is used for all hosts, but you can use other hosts as well
#

.*:


# 
# HP Tru64 UNIX specific
# Secure the r* utilities (no, yes)
#
#   EnforceSecureRutils			no


## General
 
    AuthenticationSuccessMsg		yes
#   BatchMode				no
#   Compression				no
#   DontReadStdin			no
#   EscapeChar				~
#   ForcePTTYAllocation			no
#   GoBackground			no
#   PasswordPrompt			"%U@%H's password: "
    PasswordPrompt			"%U's password: "
#   QuietMode				no
#   SetRemoteEnv			foobar=baz
    VerboseMode				no


## Network

    Port				22
    NoDelay				no
    KeepAlive				yes
#   SocksServer				socks://mylogin@socks.ssh.com:1080/203.123.0.0/16,198.74.23.0/24
#   UseSocks5				no


## Crypto
 
    Ciphers				AnyStdCipher 
    MACs				AnyStdMAC
#   RekeyIntervalSeconds		3600
    StrictHostKeyChecking		no	


## User public key authentication

    IdentityFile			identification
    RandomSeedFile			random_seed


## Tunneling

#   ForwardAgent			yes
#   ForwardX11				yes
#   GatewayPorts			no
#   TrustX11Applications		no
#   XauthPath				<set by configure by default>


# Tunnels that are set up upon login

#   LocalForward			"110:pop3.company.com:110"
#   LocalForward			"143:imap.company.com:143"
#   LocalForward			"25:smtp.company.com:25"
#   RemoteForward			"3000:localhost:22"


## SSH1 compatibility

#   Ssh1InternalEmulation		yes
    Ssh1Compatibility			no
    Ssh1AgentCompatibility		none
#   Ssh1AgentCompatibility		traditional
#   Ssh1AgentCompatibility		ssh2
#   Ssh1MaskPasswordLength		yes
#   Ssh1Path				/usr/local/bin/ssh1


## Authentication 
## V5.5-02
## publickey and password are allowed by default
## (least interactive method should be usually attempted first)

# Valid options for all fields that take authentication method names
# or lists of them are:
#
#   hostbased
#   publickey
#   password
#   kerberos-2@ssh.com
#   kerberos-tgt-2@ssh.com
#   gssapi-with-mic

#   AllowedAuthentications		publickey, password
#   AllowedAuthentications		hostbased, publickey, password

## Authentication, OpenVMS-specific

#   NumberOfHostkeyCopyPrompts          3
#   NumberOfPasswordVerificationPrompts 3
#   PubkeyPassphraseGuesses             3


# For ssh-signer2 (only effective if set in the global configuration file,
# usually TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSH2_CONFIG., i.e., this file)

#   DefaultDomain			foobar.com
    SshSignerPath			/sys$system/tcpip$ssh_ssh-signer2


## Examples of per host configurations

#alpha.*:
#   Host				alpha.oof.fi
#   User				username_at_alpha
#   PasswordPrompt			"%U:s password at %H: "
#   Ciphers				aes

#foobar:
#   Host				foo.bar
#   User				foo_user

# GssapiSendErrtok is a Boolean that tells the SSH client to send a
# SSH_MSG_USERAUTH_GSSAPI_ERRTOK message to the server when a
# GSSAPI call incurs an error. 
#
# Default is "no".
#
# GssapiSendErrtok			no

#
# GssapiDelegateCredentials is a Boolean that tells the SSH client, for
# gssapi-with-mic authentication, to delegate credentials to the server.
# This is required, along with a forwardable TGT (produced by init -f)
# for forwarding of credentials to the server side user process. When
# credentials are forwarded in this fashion the user need not issue another
# kinit command once logged into the server as their credentials have
# effectively followed them.
#
# Default is "yes".
#
#GssapiDelegateCredentials		yes