SSH, the Secure Shell/Configuration
From Wikibooks, open books for an open world
Configuration
Both the client and the server can be configured. Here, we will concentrate on OpenSSH. In most cases, SSH1 configuration options are the same. SSH2 has many differences.
Configuration files
Server configuration files
- /etc/ssh/sshd_config - server system-wide configuration file.
- /etc/ssh/ssh_host_* - keys
Client configuration files
- /etc/ssh/ssh_config - client system-wide configuration file.
- ~/.ssh/authorized_keys - list of keys whose owners can log in without a password.
- ~/.ssh/config - client configuration file.
- ~/.ssh/id_* - client keys.
- ~/.ssh/known_hosts - list of hosts with which we have had contact, and their public keys.
Configuration options
Server configuration options
All of the following options should be placed in /etc/ssh/sshd_config.
Basic options
| Option name | Default value | Description |
|---|---|---|
| Port | 22 | Port, on which to start the server. |
| Protocol | 2 | Which protocol should be used. Allowed values are 1 or 2. If you want to allow both, set it to 1,2. |
| ListenAddress | 0.0.0.0 | On which address should the server listen for incoming connections. |
| PermitRootLogin | no | Whether root is allowed to log in via SSH. |
| MaxAuthTries | 6 | Maximum number of login attempts per connection. When the number of failures reaches half this value, additional failures are logged. |
| IgnoreRhosts | yes | Whether to ignore the user's ~/.rhosts and ~/.shosts files. |
| ClientAliveInterval | 0 | Sets the timeout interval in seconds, after which, if no data has been received, sshd will check to see if the client is alive. |
| ClientAliveCountMax | 3 | Sets the number of client alive messages. If there is no response from the client after ClientAliveCountMax tries, it is disconnected. |
| Compression | delayed | Whether to use compression. The "delayed" option starts compression after the user has authenticated successfully. |
| CompressionLevel | 6 | Specify the level of compression. 1 is fast, 9 is best. For example, on a fast network the best choice is 1 (or even 0), and when both computers have powerful processors and the network is not very fast, one should use a high number. |
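
As an added example (not part of the original Wikibooks text), the following Python script resolves the effective global value of four options from the table above, using sshd's rule that the first value obtained for a keyword wins, and flags weak settings. The defaults are the ones this page lists; the function names and the sample configuration are constructed for illustration, and parsing stops at the first Match block.

```python
import re

# Defaults as listed in the table on this page; real defaults vary by OpenSSH version.
PAGE_DEFAULTS = {"protocol": "2", "permitrootlogin": "no",
                 "ignorerhosts": "yes", "maxauthtries": "6"}

def effective_options(text):
    """Resolve the global section of an sshd_config into {keyword: value}."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace; an '=' is tolerated.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":                  # conditional blocks are not global
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        opts.setdefault(key, value)         # the first value obtained wins
    return {k: opts.get(k, d) for k, d in PAGE_DEFAULTS.items()}

def audit(text):
    """Return a sorted list of findings for the options covered above."""
    eff = effective_options(text)
    findings = []
    if "1" in eff["protocol"].split(","):
        findings.append("Protocol: obsolete SSH protocol 1 is enabled")
    if eff["permitrootlogin"].lower() == "yes":
        findings.append("PermitRootLogin: direct root login is allowed")
    if eff["ignorerhosts"].lower() == "no":
        findings.append("IgnoreRhosts: ~/.rhosts and ~/.shosts are honoured")
    if eff["maxauthtries"].isdigit() and int(eff["maxauthtries"]) > 6:
        findings.append("MaxAuthTries: more than 6 attempts per connection")
    return sorted(findings)

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# constructed sshd_config
Protocol 1,2
permitrootlogin yes
PermitRootLogin no
IgnoreRhosts yes
Match User backup
    MaxAuthTries 10
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

In the sample, the later `PermitRootLogin no` has no effect because the earlier `permitrootlogin yes` was obtained first, which is why a hardening line appended to the end of the file can silently fail to apply.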
Client configuration options
The following options should be placed in /etc/ssh/ssh_config or ~/.ssh/config.