SSH, the Secure Shell/Configuration

From Wikibooks, open books for an open world

Configuration

Both the client and the server can be configured. Here, we will concentrate on OpenSSH. In most cases, SSH1 configuration options are the same. SSH2 has many differences.

Configuration files

Server configuration files

  • /etc/ssh/sshd_config - server system-wide configuration file.
  • /etc/ssh/ssh_host_* - keys

Client configuration files

  • /etc/ssh/ssh_config - client system-wide configuration file.
  • ~/.ssh/authorized_keys - list of keys whose owners can log in without a password.
  • ~/.ssh/config - client configuration file.
  • ~/.ssh/id_* - client keys.
  • ~/.ssh/known_hosts - list of hosts we have had contact with, and their public keys.

Configuration options

Server configuration options

All of the following options should be placed in /etc/ssh/sshd_config.

Basic options

Option name         | Default value | Description
--------------------|---------------|------------
Port                | 22            | Port on which to start the server.
Protocol            | 2             | Which protocol should be used. Allowed values are 1 or 2. If you want to allow both, set it to 1,2.
ListenAddress       | 0.0.0.0       | Address on which the server should listen for incoming connections.
PermitRootLogin     | no            | Whether root is allowed to log in via SSH.
MaxAuthTries        | 6             | Maximum number of login attempts per connection. When the number of failures reaches half this value, additional failures are logged.
IgnoreRhosts        | yes           | Whether to ignore the user's ~/.rhosts and ~/.shosts files.
ClientAliveInterval | 0             | Sets the timeout interval in seconds after which, if no data has been received, sshd will check whether the client is alive.
ClientAliveCountMax | 3             | Sets the number of client alive messages. If there is no response from the client after ClientAliveCountMax tries, it is disconnected.
Compression         | delayed       | Whether to use compression. The "delayed" option starts compression after the user has authenticated successfully.
CompressionLevel    | 6             | Specifies the level of compression. 1 is fast, 9 is best. For example, on a fast network the best choice is 1 (or even 0); when both computers have powerful processors and the network is not very fast, one should use a high number.
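
The following audit sketch is an added example, not part of the original page or of OpenSSH. It resolves the global options of an sshd_config text against the defaults in the table above and reports values weaker than those defaults. It assumes sshd's parsing rules (case-insensitive keywords, the first value read for a keyword wins, a Match line ends the global section) and, as a simplification, treats every option as single-valued; the function names and the sample file are constructed for illustration.

```python
import re

# Defaults as listed in the table above; keys are lowercased because
# sshd_config keywords are case-insensitive.
DEFAULTS = {
    "port": "22", "protocol": "2", "listenaddress": "0.0.0.0",
    "permitrootlogin": "no", "maxauthtries": "6", "ignorerhosts": "yes",
    "clientaliveinterval": "0", "clientalivecountmax": "3",
    "compression": "delayed",
}

def effective(text):
    """Global options in effect: table defaults overridden by the file."""
    seen = {}
    for raw in text.splitlines():
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.+)", raw.strip())
        if not m:                      # blank line, comment, or no argument
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            break                      # later lines are conditional, not global
        seen.setdefault(key, value)    # sshd keeps the first value it reads
    return {**DEFAULTS, **seen}

def audit(opts):
    """Findings for settings weaker than the defaults in the table."""
    findings = []
    if "1" in opts["protocol"].split(","):
        findings.append("Protocol enables SSH1")
    if opts["permitrootlogin"] != "no":
        findings.append("PermitRootLogin is not 'no'")
    if opts["ignorerhosts"] != "yes":
        findings.append("IgnoreRhosts is not 'yes'")
    if int(opts["maxauthtries"]) > 6:
        findings.append("MaxAuthTries is above 6")
    return findings

def unresponsive_timeout(opts):
    """Seconds before a silent client is disconnected; None if checks are off."""
    return int(opts["clientaliveinterval"]) * int(opts["clientalivecountmax"]) or None

# Constructed sample file, not taken from a real host.
SAMPLE = """\
permitrootlogin yes
PermitRootLogin no
Protocol 2,1
ClientAliveInterval=300
Match User backup
    MaxAuthTries 20
"""
```

On the sample, the later `PermitRootLogin no` does not take effect because the earlier `yes` was read first, and the `MaxAuthTries 20` inside the Match block leaves the global value at 6.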

Client configuration options

The following options should be placed in /etc/ssh/ssh_config or ~/.ssh/config.

Basic options