SSH, the Secure Shell/Configuration
Both the client and the server can be configured. Here, we will concentrate on OpenSSH. In most cases, SSH1 configuration options are the same. SSH2 has many differences.
Configuration files
Server configuration files
- /etc/ssh/sshd_config - server system-wide configuration file.
- /etc/ssh/ssh_host_* - keys
Client configuration files
- /etc/ssh/ssh_config - client system-wide configuration file.
- ~/.ssh/authorized_keys - list of keys whose owners can log in without a password.
- ~/.ssh/config - client configuration file.
- ~/.ssh/id_* - client keys.
- ~/.ssh/known_hosts - list of hosts we have had contact with, and their public keys.
Configuration options
Server configuration options
All of the following options should be placed in /etc/ssh/sshd_config.
Basic options
Option name | Default value | Description |
---|---|---|
Port | 22 | Port, on which to start the server. |
Protocol | 2 | Which protocol should be used. Allowed values are 1 or 2. If you want to allow both, set it to 1,2. |
ListenAddress | 0.0.0.0 | On which address should the server listen for incoming connections. |
PermitRootLogin | no | Whether root is allowed to log in via SSH. |
MaxAuthTries | 6 | Maximum number of login attempts per connection. When the number of failures reaches half this value, additional failures are logged. |
IgnoreRhosts | yes | Whether to ignore the user's ~/.rhosts and ~/.shosts files. |
ClientAliveInterval | 0 | Sets the timeout interval in seconds, after which if no data has been received, sshd will check to see if the client is alive. |
ClientAliveCountMax | 3 | Sets the number of client alive messages. If there is no response from the client after ClientAliveCountMax tries, it is disconnected. |
Compression | delayed | Whether to use compression. The "delayed" option starts compression after the user has authenticated successfully. |
CompressionLevel | 6 | Specify the level of compression. 1 is fast, 9 is best. For example, on a fast network the best choice is 1 (or even 0); when both computers have powerful processors and the network is not very fast, one should use a high number. |
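
The following Python script is an added example, not part of the original text or of OpenSSH: it reads the global part of an sshd_config, applies the rules that keywords are case-insensitive and that the first value obtained for a keyword is used, and reports settings from the table above that weaken the server. The function names, the sample configuration and the choice of which values to flag are assumptions of this example.

```python
# Added example: the values flagged are this example's assumptions.
# Defaults as listed in the table on this page (keywords lower-cased).
PAGE_DEFAULTS = {"protocol": "2", "permitrootlogin": "no",
                 "maxauthtries": "6", "ignorerhosts": "yes"}

# Constructed sample input, not taken from a real host.
SAMPLE_CONFIG = """\
# constructed sshd_config for this example
Port 2222
protocol 2,1
PermitRootLogin yes
# the next line is ignored: the first value obtained for a keyword is used
PermitRootLogin no
MaxAuthTries 10
Match User backup
    PermitRootLogin no
"""

def effective_options(text):
    """Map each global keyword (lower-cased) to the first value given."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()      # keywords are case-insensitive
        if keyword == "match":          # conditional block: global part ends
            break
        # Keeps one value only; repeated Port/ListenAddress lines are dropped.
        options.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return options

def audit(text):
    """Return findings for the options documented in the table."""
    opts = {**PAGE_DEFAULTS, **effective_options(text)}
    findings = []
    if "1" in [v.strip() for v in opts["protocol"].split(",")]:
        findings.append("Protocol allows SSH1")
    if opts["permitrootlogin"].lower() == "yes":
        findings.append("PermitRootLogin yes")
    if opts["ignorerhosts"].lower() == "no":
        findings.append("IgnoreRhosts no")
    if int(opts["maxauthtries"]) > int(PAGE_DEFAULTS["maxauthtries"]):
        findings.append("MaxAuthTries above the default of 6")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

On a live server, `sshd -T` prints the effective configuration as sshd itself resolves it and is the authoritative check.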
Client configuration options
The following options should be placed in /etc/ssh/ssh_config or ~/.ssh/config.
This article is issued from Wikibooks. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.