4 # Example configuration file. Note that this attempts to present various
5 # configuration possibilities and may not actually give any sensible
6 # configuration. For real life example see the examples/ directory.
8 # Most of the settings in this file are optional. If some setting is
9 # mandatory it is mentioned separately. If some setting is omitted it means
10 # that its builtin default value will be used. Boolean values, that is
11 # setting something on or off, is done by setting either "true" or "false"
12 # value, respectively.
14 # The ServerInfo section is mandatory section. Other sections are optional.
15 # However, if General section is defined it must be defined before the
16 # ConnectionParams sections. On the other hand, the ConnectionParams section
17 # must be defined before Client, ServerConnection or RouterConnection
18 # sections. Other sections can be in free order.
22 # Include global algorithms from the "silcalgs.conf" file. This file defines
23 # ciphers, hash functions, HMACs and PKCS algorithms that can be used.
25 Include "@ETCDIR@/silcalgs.conf";
28 # General configuration options
30 # These defines the default behaviour of the server. Most of these values
31 # can be overridden with ConnectionParams, which can be defined independently
32 # for different connections.
35 # This is the default path where to search modules. If omitted
36 # built-in modules will be used. Built-in modules will also be
37 # used if a module file cannot be located.
38 module_path = "@MODULESDIR@";
40 # If both passphrase and public key authentication is set for a
41 # connection the public key authentication is the preferred one
42 # to use. Set this to `true' to prefer passphrase authentication
43 # over public key authentication in these cases.
44 #prefer_passphrase_auth = true;
46 # Set this to true if the server should require fully qualified
47 # domain names (FQDN) for incoming connections. If true, a host
48 # without FQDN cannot connect to the server.
49 #require_reverse_lookup = true;
51 # Maximum number of incoming connections allowed to this server.
52 # If more attempt to connect they will be refused.
53 connections_max = 1000;
55 # Maximum number of incoming connections allowed per single host.
56 # For example, if this is one (1) it means a host can link only
57 # once to the server. Attempting to connect more than once would
58 # be refused. This can be overridden with ConnectionParams.
59 #connections_max_per_host = 10;
61 # Required version of the remote side. If these are specified then
62 # the remote must be of at least this version, or newer. If older
63 # then the connection will not be allowed.
65 # version_protocol - SILC protocol version ("major.minor")
66 # version_software - software version ("major.minor")
67 # version_software_vendor - vendor specific version extension
69 # The version_software_vendor may be for example a string or a build
70 # number of the software. The string can be a regex string to match
71 # more widely. Usually the vendor version checking is not necessary
72 # and can be omitted. These can be overridden with ConnectionParams.
73 #version_protocol = "1.1";
74 #version_software = "1.3";
75 #version_software_vendor = "SomeVendor";
77 # Default keepalive frequency (seconds). This can be overridden with
78 # with ConnectionParams.
81 # Default reconnection parameters defines how the server reconnect
82 # to the remote if the connection was lost. The reconnection phase
83 # use so called exponential backoff algorithm; The reconnect
84 # interval grows when reconnect count grows. Next example will
85 # attempt to reconnect after 10 seconds of disconnect, and the
86 # interval grows up to 600 seconds or until 7 times was attempted
87 # to reconnect. These settings has effect only when connecting
90 # reconnect_count - how many times reconnect is attempted
91 # reconnect_interval - how often reconnect it performed (seconds)
92 # reconnect_interval_max - maximum interval for reconnect, the
93 # server never waits longer than this to
94 # reconnect (seconds).
95 # reconnect_keep_trying - whether to keep trying even after
96 # reconnect_count is reached (the interval
97 # will be reconnect_interval_max).
99 # These can be overridden with ConnectionParams.
101 reconnect_interval = 10;
102 reconnect_interval_max = 600;
103 reconnect_keep_trying = true;
105 # Key exchange protocol rekey interval (seconds). How often to
106 # regenerate the session key with the remote. Initiator will perform
107 # the rekey and this setting affects only when connecting as initiator.
108 # This can be overridden with ConnectionParams.
109 #key_exchange_rekey = 3600;
111 # Key exchange with Perfect Forward Secrecy (PFS). This will perform
112 # the rekey process with PFS, making the new key more secure since it
113 # is not dependent in any way of the old key. This will make the rekey
114 # process somewhat slower, than without PFS. This can be overridden
115 # with ConnectionParams.
116 #key_exchange_pfs = true;
118 # Key exchange timeout (seconds). If the key exchange protocol is not
119 # finished in this time period the remote connection will be closed.
120 #key_exchange_timeout = 60;
122 # Connection authentication timeout (seconds). If the connection
123 # authentication protocol is not finished in this time period the
124 # remote connection will be closed.
125 #conn_auth_timeout = 60;
127 # Channel key rekey interval (seconds). How often channel key is
128 # regenerated. Note that channel key is regenerated also always when
129 # someone joins or leaves the channel.
130 #channel_rekey_secs = 3600;
132 # SILC session detachment disabling and limiting. By default clients
133 # can detach their sessions from server. If you set detach_disabled
134 # to true the DETACH command cannot be used by clients. If you want
135 # to limit for how long the server keeps detached sessions you can
136 # set the time (minutes) in detach_timeout. After that timeout the
137 # detached session is closed if it is not resumed. By default
138 # sessions are persistent as long as server is running.
139 #detach_disabled = true;
140 #detach_timeout = 1440;
142 # Quality of Service (QoS) settings. The QoS can be used to handle
143 # the incoming data and limit its handling rate to avoid flooding.
144 # By default QoS is disabled and can be enabled by setting "qos" to
145 # true value. The "qos_rate_limit" is the incmoing data reading
146 # per second, and if more frequently than the set limit is read the
147 # QoS is applied to the data. The "qos_bytes_limit" is maximum bytes
148 # allowed for incoming data. If more is received at once the QoS
149 # is applied to the data. The "qos_limit_sec" and "qos_limit_usec"
150 # is the timeout used to delay the data handling, seconds and
151 # microseconds, respectively. NOTE: If you enable QoS in General
152 # section it applies to server connections as well. Server
153 # connections SHOULD NOT use QoS. This can be overridden with
156 #qos_rate_limit = 10;
157 #qos_bytes_limit = 2048;
159 #qos_limit_usec = 500000;
169 hostname = "lassi.kuo.fi.ssh.com";
172 # Primary listener. Specify the IP address and the port to bind
181 # Secondary listener(s). If you need to bind your server into
182 # several interfaces use the Secondary to specify the listener(s).
184 #Secondary { ip = "10.2.1.60"; port = 706; };
185 #Secondary { ip = "10.2.1.160"; port = 706; };
188 # ServerType field specifies the purpose of this server
189 # This is only a descriptive field.
191 ServerType = "Test Server";
194 # Geographic location
196 Location = "Kuopio, Finland";
201 Admin = "Foo T. Bar";
204 # Admin's email address
206 AdminEmail = "foo-admin@bar.com";
209 # Run SILC server as specific user and group. The server must be
210 # initially run as root.
216 # Public and private keys
218 PublicKey = "@ETCDIR@/silcd.pub";
219 PrivateKey = "@ETCDIR@/silcd.prv";
224 # Specifies the text file displayed on client connection
226 #MotdFile = "@ETCDIR@/motd.txt";
231 PidFile = "@PIDFILE@";
237 # This section is used to set various logging files, their paths, maximum
238 # sizes and logging options.
240 # There are only four defined channels allowed for defining (see below).
241 # The log channels have an importance value, and most important channels
242 # are redirected on the less important ones, thus setting a valid logging
243 # file for "Info" will ensure logging for all channels, while setting
244 # logging file for "Errors" will ensure logging for channels "Errors"
248 # Use timestamp in the logging files? (Usually it is a good idea,
249 # but you may want to disable this if you run silcd under some
253 # If QuickLogs is true, then the logging files will be updated
254 # real-time. This causes a bit more CPU and HDD activity, but
255 # reduces memory usage. By default it is false and log files are
256 # written with FlushDelay timeout.
260 # FlushDelay tells log files update delay (seconds) in case you
261 # have chosen buffering output. This setting has effect only if
262 # the QuickLogs is false.
266 # Informational messages
268 File = "@LOGSDIR@/silcd.log";
274 File = "@LOGSDIR@/silcd_warnings.log";
280 File = "@LOGSDIR@/silcd_errors.log";
286 File = "@LOGSDIR@/silcd_fatals.log";
292 # Connection Parameters
294 # This section defined connection parameters. It is possible to use
295 # specific parameters in different connections, and to define different
296 # parameters to different connections. The parameters can define how the
297 # connection is handled and how the session is managed. If connection
298 # parameters are not used in connections the default values will apply
299 # (or values defined in General section). You can have multiple
300 # ConnectionParams blocks defined.
303 # unique name. The name is used to reference to this parameter
304 # block from the connections. This field is mandatory.
307 # Maximum number of connections allowed. More connections will be
308 # refused. This can be used for example to limit number of clients.
309 # Note that this never can be larger than the connections_max
310 # specified in General section.
311 connections_max = 200;
313 # Maximum number of connections allowed per host. For example, if
314 # this is one (1) it means a host can link only once to the server.
315 # Attempting to link more than once would be refused.
317 # If this connection parameters block is used with incoming server
318 # connections it is recommended that this value is set to one (1).
319 connections_max_per_host = 10;
321 # Required version of the remote side. If these are specified then
322 # the remote must be of at least this version, or newer. If older
323 # then the connection will not be allowed.
325 # version_protocol - SILC protocol version ("major.minor")
326 # version_software - software version ("major.minor")
327 # version_software_vendor - vendor specific version extension
329 # The version_software_vendor may be for example a string or a build
330 # number of the software. The string can be a regex string to match
331 # more widely. Usually the vendor version checking is not necessary
332 # and can be omitted. These can be overridden with ConnectionParams.
333 #version_protocol = "1.1";
334 #version_software = "1.3";
335 #version_software_vendor = "SomeVendor";
337 # Keepalive frequency (seconds).
338 keepalive_secs = 300;
340 # Reconnection parameters defines how the server reconnects to
341 # the remote if the connection was lost. The reconnection phase
342 # use so called exponential backoff algorithm; The reconnect
343 # interval grows when reconnect count grows. Next example will
344 # attempt to reconnect after 10 seconds of disconnect, and the
345 # interval grows up to 600 seconds or until 7 times was attempted
346 # to reconnect. These settings has effect only when connecting
349 # reconnect_count - how many times reconnect is attempted
350 # reconnect_interval - how often reconnect it performed (seconds)
351 # reconnect_interval_max - maximum interval for reconnect, the
352 # server never waits longer than this to
353 # reconnect (seconds).
354 # reconnect_keep_trying - whether to keep trying even after
355 # reconnect_count is reached (the interval
356 # will be reconnect_interval_max).
358 reconnect_interval = 10;
359 reconnect_interval_max = 600;
360 reconnect_keep_trying = true;
362 # Key exchange protocol rekey interval (seconds). How often to
363 # regenerate the session key with the remote. Initiator will perform
364 # the rekey and this setting affects only when connecting as initiator.
365 #key_exchange_rekey = 3600;
367 # Key exchange with Perfect Forward Secrecy (PFS). This will perform
368 # the rekey process with PFS, making the new key more secure since it
369 # is not dependent in any way of the old key. This will make the rekey
370 # process somewhat slower, than without PFS.
371 #key_exchange_pfs = true;
373 # Anonymous connection. This setting has effect only when this
374 # this is used with client connections. If set to true then clients
375 # using this connection parameter will be anonymous connections.
376 # This means that the client's username and hostname information
377 # is scrambled and anonymous mode is set for the user.
380 # Quality of Service (QoS) settings. The QoS can be used to handle
381 # the incoming data and limit its handling rate to avoid flooding.
382 # By default QoS is disabled and can be enabled by setting "qos" to
383 # true value. The "qos_rate_limit" is the incmoing data reading
384 # per second, and if more frequently than the set limit is read the
385 # QoS is applied to the data. The "qos_bytes_limit" is maximum bytes
386 # allowed for incoming data. If more is received at once the QoS
387 # is applied to the data. The "qos_limit_sec" and "qos_limit_usec"
388 # is the timeout used to delay the data handling, seconds and
389 # microseconds, respectively. For server connections QoS SHOULD NOT
392 #qos_rate_limit = 10;
393 #qos_bytes_limit = 2048;
395 #qos_limit_usec = 500000;
399 # Configured client connections.
401 # The "Host" defines the incoming IP address or hostname of the client.
402 # If it is omitted all hosts will match this client connection. The
403 # "Params" is optional and can be used to set specific connection parameters
404 # for this connection.
406 # The authentication data is specified by Passphrase and/or PublicKey.
407 # If both are provided then both password and public key based authentication
408 # is allowed. If the Publickey is used it includes the file path to the
409 # public key file. If none of them is provided then authentication is not
410 # required. The PublicKey can be set multiple times to set multiple
411 # public keys for one connection.
413 # Next example connection will match to all incoming client connections,
414 # and no authentication is required.
418 #Passphrase = "secret";
419 #PublicKey = "/path/to/the/user_my.key";
420 #PublicKey = "/path/to/the/user_221.key";
421 #PublicKey = "/path/to/the/user_313.key";
426 # Configured server administrator connections
428 # The fields "Host", "User", and "Nick", are optional but you are encouraged
429 # in using them to better identify your admins.
431 # The authentication data is specified by Passphrase and/or PublicKey.
432 # If both are provided then both password and public key based authentication
433 # is allowed. If the PublicKey is used it includes the file path to the
434 # public key file. If none of them is provided then authentication is not
441 Passphrase = "verysecret";
442 # PublicKey = "/path/to/the/public.key";
446 # Configured server connections.
448 # If server connections are configured it means that this server is
449 # router server. Normal servers must not configure server connections.
450 # Thus, if this server is not router do not configure this section. If
451 # your server is router, this must be configured.
453 # The authentication data is specified by Passphrase and/or PublicKey.
454 # If both are provided then both password and public key based authentication
455 # is allowed. If the PublicKey is used it includes the file path to the
456 # public key file. If none of them is provided then authentication is not
459 # If the connection is backup connection then set the "Backup" option
460 # to true. For normal connections set it false. If it is set to true then
461 # your server will be backup router.
465 Passphrase = "verysecret";
466 #PublicKey = "/path/to/the/public.key";
472 # Configured router connections
474 # For normal servers only one entry maybe configured to this section. It
475 # must be the router this server will be connected to. For router servers,
476 # this section includes all configured router connections. The first
477 # configured connection is the primary route. The Host specifies the
478 # remote hostname or IP address. The Port specifies the remote port to
479 # connect when Initiator is true. When Initiator is false the Port
480 # specifies the local port (listener port).
482 # The authentication data is specified by Passphrase and/or PublicKey.
483 # If both are provided then both password and public key based authentication
484 # is allowed. If the PublicKey is used it includes the file path to the
485 # public key file. If none of them is provided then authentication is not
488 # If you are the initiator of the connection then set the "Initiator"
489 # option to true. If you are the responder of the connection (waiting for
490 # incoming connection) then set it to false.
492 # If the connection is backup router connection then set the "BackupHost"
493 # option to the IP address of the router that the backup router will
494 # replace if it becomes unavailable. Set also the router's port to the
495 # "BackupPort" option. For normal connection leave both commented. If this
496 # backup router is in our cell then set the "BackupLocal" option to true.
497 # If the backup router is in other cell then set it to false.
502 Passphrase = "verysecret";
503 #PublicKey = "/path/to/the/public.key";
506 #BackupHost = "10.2.1.6";
514 # These connections are denied to connect to our server.
516 # The "Reason" field is mandatory, while the "Host" field can be omitted to
520 # Host = "10.2.1.99";
521 # Reason = "Go away spammer";
525 # Reason = "You are not welcome.";