SSH, the Secure Shell/Configuration
Configuration
Both the client and the server can be configured. Here, we will concentrate on OpenSSH. In most cases, SSH1 configuration options are the same. SSH2 has many differences.
Configuration files
Server configuration files
- /etc/ssh/sshd_config - server system-wide configuration file.
- /etc/ssh/ssh_host_* - keys
Client configuration files
- /etc/ssh/ssh_config - client system-wide configuration file.
- ~/.ssh/authorized_keys - list of keys, whose owners can log in without a password.
- ~/.ssh/config - client configuration file.
- ~/.ssh/id_* - client keys.
- ~/.ssh/known_hosts - list of hosts with which we have had contact, and their public keys.
Configuration options
Server configuration options
All of the following options should be placed in /etc/ssh/sshd_config.
Basic options
Option name | Default value | Description |
---|---|---|
Port | 22 | Port, on which to start the server. |
Protocol | 2 | Which protocol should be used. Allowed values are 1 or 2. If you want to allow both, set it to 1,2. |
ListenAddress | 0.0.0.0 | On which address should the server listen for incoming connections. |
PermitRootLogin | no | Whether root is allowed to log in via SSH. |
MaxAuthTries | 6 | Maximum number of login attempts per connection. When the number of failures reaches half this value, additional failures are logged. |
IgnoreRhosts | yes | Whether to ignore the user's ~/.rhosts and ~/.shosts files. |
ClientAliveInterval | 0 | Sets the timeout interval in seconds, after which if no data has been received, sshd will check to see if the client is alive. |
ClientAliveCountMax | 3 | Sets the number of client alive messages. If there is no response from the client after ClientAliveCountMax tries, it is disconnected. |
Compression | delayed | Whether to use compression. The "delayed" option starts compression after the user has authenticated successfully. |
CompressionLevel | 6 | Specify the level of compression. 1 is fast, 9 is best. For example, on a fast network the best choice is 1 (or even 0); when both computers have powerful processors and the network is not very fast, one should use a high number. |
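
The following is an added example, not part of the original page or of OpenSSH: a small Python audit that reads the global section of an sshd_config, applies sshd's rule that the first value read for a keyword wins, and compares four of the options above against the table's defaults. The sample file, the function names and the policy of what counts as a finding are assumptions of this example.

```python
import re

# Defaults exactly as listed in the table above; sshd_config keywords are case-insensitive.
TABLE_DEFAULTS = {"protocol": "2", "permitrootlogin": "no",
                  "maxauthtries": "6", "ignorerhosts": "yes"}

# Constructed sample file, not taken from a real host.
SAMPLE = """\
# /etc/ssh/sshd_config (constructed)
Port 2222
Protocol 2,1
permitrootlogin yes
PermitRootLogin no
MaxAuthTries=10
IgnoreRhosts yes
Match Address 10.0.0.0/8
    MaxAuthTries 2
"""

def parse_sshd_config(text):
    """Effective global settings: for each keyword the first value read wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.+)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            break  # conditional blocks start here; only the global part is audited
        settings.setdefault(key, value)
    return settings

def audit(text):
    """Return (option, value, finding) tuples under this example's policy (an assumption)."""
    eff = {**TABLE_DEFAULTS, **parse_sshd_config(text)}
    findings = []
    if "1" in re.split(r"[,\s]+", eff["protocol"]):
        findings.append(("Protocol", eff["protocol"], "protocol 1 is accepted"))
    if eff["permitrootlogin"] != "no":
        findings.append(("PermitRootLogin", eff["permitrootlogin"], "root may log in"))
    if eff["ignorerhosts"] != "yes":
        findings.append(("IgnoreRhosts", eff["ignorerhosts"], "~/.rhosts and ~/.shosts are read"))
    if eff["maxauthtries"].isdigit() and int(eff["maxauthtries"]) > 6:
        findings.append(("MaxAuthTries", eff["maxauthtries"], "more attempts than the default 6"))
    return findings
```

In the sample, the later `PermitRootLogin no` line has no effect because the earlier lower-case `permitrootlogin yes` was read first, which is the kind of mistake a line-by-line read of the file tends to miss.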
Client configuration options
The following options should be placed in /etc/ssh/ssh_config or ~/.ssh/config.