Man Linux: Main Page and Category List

NAME

       silcd.conf - format of configuration file for silcd

CONFIGURATION FILE

       Silcd  reads  its  configuration from /etc/silc/silcd.conf (or the file
       specified with -f). The file contains sections,  subsections  and  key-
       value  pairs. Each section or subsection is bound with a starting { and
       ending  }.  Keys  and  values  are  of  the  format  ’KEY=VALUE;’.  All
       statements as well as sections must be terminated with a ’;’.

       Mandatory  section in configuration file is ServerInfo.  Other sections
       are optional but recommended.  If General section is defined it must be
       defined  before  the  ConnectionParams section.  On the other hand, the
       ConnectionParams   section   must    be    defined    before    Client,
       ServerConnection  and/or RouterConnection sections.  Other sections can
       be in a free order in the configuration file.

SECTION: General

       General section contains global settings for the silcd.

       dynamic_server
              Dynamic router connections.  If this  is  set  for  normal  SILC
              server the connection to primary router is not created untill it
              is    actually    needed.     Giving    for    example    /WHOIS
              foobar@silcnet.org  would  then create connection to the primary
              router to resolve user foobar.  On the other hand giving  /WHOIS
              foobar  would  try  to  search  the user foobar locally, without
              creating the connection.  Note that  giving  /JOIN  foobar  will
              also  created  the  connection  as  current  SILC Server version
              supports only global channels (all JOINs require  connection  to
              router, if one is configured).

       prefer_passphrase_auth
              If  both  public key and passphrase authentication are set for a
              connection, public key authentication is by  default  preferred.
              Setting  this  value  to  true causes silcd to prefer passphrase
              authentication in these cases.

       require_reverse_lookup
              Set this value to true if all connecting hosts must have a fully
              qualified  domain  name  (FQDN).  If set to true, a host without
              FQDN is not allowed to connect to server.

       connections_max
              Maximum number of  incoming  connections  to  this  server.  Any
              further connections are refused.

       connections_max_per_host
              Maximum  number  of  incoming  connections from any single host.
              This setting can be overridden on  a  connection-specific  basis
              with ConnectionParams.

       version_protocol
              Defines  the  minimum  required  version  of  protocol  to allow
              connecting to server. A client or server using this  version  of
              protocol  or  newer  is  allowed  to connect, one using anything
              older will be rejected. Leaving unset  allows  all  versions  to
              connect. This can be overridden with ConnectionParams.

       version_software
              Defines  the  minimum  required  version  of  software  to allow
              connecting to server. A client or server that is of this version
              or newer is allowed to connect, one using anything older will be
              rejected. Leaving unset allows all versions  to  connect.   This
              can be overridden with ConnectionParams.

       version_software_vendor
              Defines  the  allowed software vendor string that is required to
              connect.  Usually this is  either  a  build  number  or  special
              client  tag. Using this requirement is not encouraged unless the
              server is  in  very  limited  use.   Leaving  unset  allows  all
              versions   regardless  of  their  vendor  to  connect.   Can  be
              overridden with ConnectionParams.

       key_exchange_rekey
              Defines the interval, in seconds, how often the session key will
              be  regenerated.  This  setting  only  applies to the connection
              initiator, as rekey is always performed by the initiating party.
              Setting  has  effect  only when the server acts as an initiator,
              and can be overridden with ConnectionParams.

       key_exchange_pfs
              Boolean value to determine, whether  key-exchange  is  performed
              with  Perfect  Forward Secrecy (PFS) or without. If set to true,
              the rekey process will be somewhat slower, but more secure since
              the   key  is  entirely  regenerated.  Can  be  overridden  with
              ConnectionParams.

       key_exchange_timeout
              Key exchange timeout in seconds. If  the  key  exchange  is  not
              completed  within  this  time,  the  remote  connection  will be
              closed.

       conn_auth_timeout
              Connection authentication timeout in seconds. If the  connection
              authentication  is  not  completed  within this time, the remote
              connection will be closed.

       channel_rekey_secs
              Seconds, how often channel key will be  regenerated.  Note  that
              channel key is regenerated each time someone joins or leaves the
              channel. This is the maximum time any channel can have the  same
              key.

       detach_disabled
              Boolean value controlling, whether clients are denied the use of
              DETACH command. Default value is false (DETACH is allowed).

       detach_timeout
              Time in seconds how long detached sessions will be available. By
              default,  detached  sessions  do  not  expire  and  as such, are
              persistent as long as the server is running. If  DETACH  command
              is allowed, this value should be set as well.

       qos
              Boolean  value  controlling, whether Quality of Service settings
              are enabled. Default setting is false. NOTE: If you  enable  QoS
              in  general  section,  it applies to every connection the server
              has,  including  server  connections.   This  setting   can   be
              overridden   with   ConnectionParams   and  in  case  of  server
              connections, it SHOULD BE overridden (server connections  should
              not use QoS).

       qos_rate_limit
              Limits  read operations per second to given amount. Do note that
              one read operation  may  read  several  SILC  packets,  so  this
              setting  does not automatically correspond to amount of messages
              transmitted or accepted.

       qos_bytes_limit
              Limits incoming SILC data to the specified number of  bytes  per
              second.

       qos_limit_sec
              This  value  defines  the  timeout, in seconds, for the delay of
              received data in case it was left in a QoS queue.

       qos_limit_usec
              This value defines the timeout, in microseconds, for  the  delay
              of  received data for received data in case it was left in a QoS
              queue.

SECTION: ServerInfo

       ServerInfo contains values  for  bound  interfaces  and  administrative
       info.

       hostname
              Server’s name (FQDN).

       ServerType
              This  is  a  descriptive  text  field,  usually telling what the
              server and its purpose are.

       Location
              Descriptive field of server’s geographic location.

       Admin
              Administrator’s full name.

       AdminEmail
              Administrator’s email address.

       User
              The name of the user account silcd will be running on. This must
              be  an  existing  user.  Silcd  needs to executed as root; after
              binding the port it  will  drop  root  privileges  and  use  the
              account given here.

       Group
              The  name of the group silcd will be running on. This must be an
              existing group. Silcd  needs  to  be  executed  as  root;  after
              binding  the port it will drop root privileges and use the group
              given here.

       PublicKey
              Full path to server’s public key file.

       PrivateKey
              Full path to server’s private key file.

       MotdFile
              Full path to MOTD (Message Of The Day) file, a  text  file  that
              will be displayed to each client upon connection.

       PidFile
              Full path to file where silcd will write its PID.

SUBSECTION: Primary

       This  is  the  primary listener info. Each server can have no more than
       one Primary section.

       ip
              Specifies the address silcd is listening on.

       port
              Specifies the port silcd is listening on.

       public_ip
              Optional field.  If your server is behind NAT this IP  would  be
              the  public  IP  address.   The  ’ip’  field  would  include the
              internal IP address.  With this option it  is  possible  to  run
              silcd behind NAT device.

SUBSECTION: Secondary

       This  is  a  secondary  listener  info. A server may have any amount of
       Secondary listener settings. These are needed only if  silcd  needs  to
       listen  on  several  interfaces.  Secondary  subsections  have the same
       information that Primary does.

SECTION: Logging

       This section is used to set up various log files; their paths,  maximum
       sizes and individual logging options.

       There  are  four  defined  logging  channels.  The log channels have an
       importance value, and more important channels are always redirected  to
       the  less  important  ones.  Setting a valid logging file for Info will
       ensure logging for all channels, whereas a  setting  for  Errors  would
       only ensure logging for Errors and Fatals.

       Timestamp
              A  boolean  value  that  dictates  whether  log  lines will have
              timestamps prefixed. In general, this is a good idea. You  might
              want to disable this if you are running silcd under some special
              logging daemon, such as daemontools.

       QuickLogs
              A boolean value that determines how often log files are updated.
              Setting  this to true makes silcd log in real-time. Setting this
              to false makes silcd write to  logs  every  FlushDelay  seconds.
              Real-time  logging  causes  a  bit  more  CPU  and HDD usage but
              reduces memory consumption.

       FlushDelay
              Time in seconds, how often logs are flushed  to  logfiles.  This
              setting has effect only if QuickLogs is disabled.

SUBSECTION: Info

SUBSECTION: Warnings

SUBSECTION: Errors

SUBSECTION: Fatals

       Each  of  these  subsections  has  the  same attributes, File and Size.
       Different levels of problems are logged to  their  respective  channels
       (Info, Warnings, Errors, Fatals), depending on their need of attention.

       File
              Full path to log file.

       Size
              Limit the size the log file is allowed to grow to.  Any  further
              messages  to  this  file cause the oldest lines to be removed in
              order to keep the file size within given limit.

SECTION: ConnectionParams

       This section defines connection parameters. Each  connection  may  have
       its  own set of ConnectionParams but having one is in no way mandatory.
       If no separate parameters have been assigned, the defaults and the ones
       from  General  section will be used. A silcd configuration may have any
       number of ConnectionParams sections.

       name
              This  is  a  unique  name   that   separates   this   particular
              ConnectionParams  section  from  all  the others. It is also the
              name with  which  settings  are  referred  to  a  given  set  of
              parameters. This field is mandatory.

       connections_max
              Limits  how many concurrent connections are allowed. Any further
              connections are simply refused. Note that this setting  can  not
              override the figure given in General section.

       connections_max_per_host
              Maximum  number  of connections allowed from any single host. If
              this  parameter  is  set  for   a   block   controlling   server
              connections, it is highly suggested to use a value of one (1).

       version_protocol
              Exactly the same as in General section.

       version_software
              Exactly the same as in General section.

       version_software_vendor
              Exactly the same as in General section.

       keepalive_secs
              How  often  (seconds)  to  send  HEARTBEAT  packets to connected
              clients.

       reconnect_count
              When connection is lost, how many times a reconnection is tried.

       reconnect_interval
              How often, in seconds, a reconnection is attempted.

       reconnect_interval_max
              Reconnection  time  is  lengthened  each  time  an  unsuccessful
              attempt occurs. This value defines the maximum interval to which
              the delay may be prolonged.

       reconnect_keep_trying
              Boolean  value  controlling  whether  server eventually gives up
              trying to reconnect. If set to false, server will give  up  once
              reconnect_count  is  reached  or,  even  at  maximum interval no
              connection is established.

       key_exchange_rekey
              Exactly the same as in General section.

       key_exchange_pfs
              Exactly the same as in General section.

       anonymous
              This boolean setting has meaning only to client connections.  If
              set  to  true,  client  connections  using this ConnectionParams
              block will have their username and host  scrambled.  The  client
              will also have an anonymous mode set to it.

       qos
              Exactly  the  same  as  in  General  section   NOTE:  For server
              connection this should be set to false value.

       qos_rate_limit
              Exactly the same as in General section.

       qos_bytes_limit
              Exactly the same as in General section.

       qos_limit_sec
              Exactly the same as in General section.

       qos_limit_usec
              Exactly the same as in General section.

SECTION: Client

       This section defines how incoming client connections are handled. There
       can  be  several  Client  sections, each with their own requirements. A
       silcd admin could for example require that connections from certain IP-
       address space must supply a connection password.

       Host
              An address or wildcarded set of addresses, either in numeric IP-
              address  fashion  or  as  hostnames.  For  example  "10.1.*"  or
              "*.mydomain.domain.org".

       Passphrase
              The required passphrase to allow client connection.

       PublicKey
              The path to a file containing the client’s public key. There can
              be any number of PublicKey statements  in  one  Client  section.
              Matching any of them will do.

       Params
              Name of client connection parameters.

SECTION: ServerConnection

       This  section  defines  a  configured server connection. A regular SILC
       server does not need one at all. If this block exists,  it  means  that
       the  server  is  a  SILC router. There must be one ServerConnection for
       each SILC server that connects to this router.

       Host
              Either an FQDN or strict IP-address of the connecting server.

       Passphrase
              If server connection requires passphrase authentication, set  it
              here.

       PublicKey
              This  is  a  path  to  connecting server’s public key. If server
              connection requires public key authentication, set  this  value.
              If  both  Passphrase  and PublicKey are set, then either of them
              will be accepted.

       Params
              Connection parameters.

       Backup
              A boolean value  controlling  whether  this  server  acts  as  a
              backup.  Set  to  false for normal servers. If set to true, this
              server is a backup router.

SECTION: RouterConnection

       This section covers router connections. Stand-alone servers won’t  have
       this section, and regular servers should only have one.

       Router  servers  need  one  RouterConnection for each other router they
       have been configured to connect to. First  configured  section  is  the
       primary route.

       Port
              If  Initiator  is  set tro true, this setting defines the remote
              port in which to connect. if Initiator is  set  to  false,  then
              this defines the local (listening) port.

       Passphrase
              If connecting server requires a passphrase authentication, it is
              set here.

       PublicKey
              If connecting to server requires public key authentication,  the
              path to server’s public key file is set here.

       Params
              Connection parameters.

       Initiator
              A  boolean  setting  that  defines  whether  this  server is the
              connecting party.

       BackupHost
              If the configured connection is a backup connection, set this to
              the address of the main router that will be replaced. For normal
              router connection leave this option out.

       BackupPort
              If the configured connection is a backup connection, set this to
              the   remote  port  which  to  connect  to.  For  normal  router
              connection, leave this option out.

       BackupLocal
              A boolean value. If this setting is true, then the backup router
              is  in  the  same cell. If the backup router is in another cell,
              set  this  to  false.  Needless  to  say,  for   normal   router
              connection, leave this option out.

SECTION: Admin

       This section defines configured administration connections.

       Host
              Either  FQDN or a strict IP-address to the origin of connection.
              This field is optional.

       User
              Username that the connecting client  announces.  This  field  is
              optional.

       Nick
              Nickname  that  the  connecting  client announces. This field is
              optional.

       Passphrase
              Passphrase required to obtain server operator privileges.

       PublicKey
              Path to administrator’s public key file. If both Passphrase  and
              PublicKey are defined, either one can be used.

SECTION: Deny

       This section defines denied incoming connections. They apply equally to
       both client and server connections, so make sure you know what you  add
       here.  Each  Deny  section covers one instance of denied connection(s).
       There may be any number of Deny sections.

       Host
              Address or wildcarded addresses  of  denied  connections.  NOTE!
              This  field  is  not  mandatory,  but highly recommended. If you
              don’t specify Host at all, or give it a value of "*", you have a
              silcd that denies every single incoming connection.

       Reason
              A string giving the reason as to why the connecting party is not
              allowed to connect. Unlike Host, this field IS mandatory.

FILES

       silcd.conf

SEE ALSO

       silcd(8)

AUTHOR

       SILC is designed and written by Pekka  Riikonen  <priikone@iki.fi>  and
       rest of the SILC Project.

       Configuration   file   format   and  parser  is  by  Giovanni  Giacobbi
       <giovanni@giacobbi.net>.

       This manpage was written by Mika ’Bostik’ Boström <bostik@lut.fi>

       See CREDITS for full list of contributors.