SSH, the Secure Shell/Configuration
Configuration
Both the client and the server can be configured. Here, we will concentrate on OpenSSH. In most cases, SSH1 configuration options are the same. SSH2 has many differences.
Configuration files
Server configuration files
- /etc/ssh/sshd_config - server system-wide configuration file.
- /etc/ssh/ssh_host_* - keys
Client configuration files
- /etc/ssh/ssh_config - client system-wide configuration file.
- ~/.ssh/authorized_keys - list of keys whose owners can log in without a password.
- ~/.ssh/config - client configuration file.
- ~/.ssh/id_* - client keys.
- ~/.ssh/known_hosts - list of hosts we have connected to, with their public keys.
Configuration options
Server configuration options
All of the following options should be placed in /etc/ssh/sshd_config.
Basic options
| Option name | Default value | Description |
|---|---|---|
| Port | 22 | Port on which the server listens. |
| Protocol | 2 | Which protocol should be used. Allowed values are 1 or 2. If you want to allow both, set it to 1,2. |
| ListenAddress | 0.0.0.0 | Address on which the server listens for incoming connections. |
| PermitRootLogin | no | Whether root is allowed to log in via SSH. |
| MaxAuthTries | 6 | Maximum number of login attempts per connection. When the number of failures reaches half this value, additional failures are logged. |
| IgnoreRhosts | yes | Whether to ignore the user's ~/.rhosts and ~/.shosts files. |
| ClientAliveInterval | 0 | Sets the timeout interval in seconds after which, if no data has been received, sshd will check whether the client is alive. |
| ClientAliveCountMax | 3 | Sets the number of client alive messages. If there is no response from the client after ClientAliveCountMax tries, it is disconnected. |
| Compression | delayed | Whether to use compression. The "delayed" option starts compression after the user has authenticated successfully. |
| CompressionLevel | 6 | Specifies the level of compression. 1 is fast, 9 is best. For example, on a fast network the best choice is 1 (or even 0); when both computers have powerful processors and the network is not very fast, one should use a high number. |
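An added example (not part of the original page and not OpenSSH code): a small Python audit that resolves the global section of an sshd_config the way sshd reads it (keywords are case-insensitive, the first value obtained for a keyword wins) and flags settings looser than the defaults listed in the table above. The function names, the sample config and the choice of checks are assumptions made for illustration; Match blocks are not evaluated.

```python
# Defaults as given in the table above (keys lower-cased for comparison).
PAGE_DEFAULTS = {
    "protocol": "2", "permitrootlogin": "no",
    "maxauthtries": "6", "ignorerhosts": "yes",
}

def effective_settings(config_text):
    """Resolve global settings: first value per keyword wins, case-insensitive."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":  # conditional blocks are out of scope here
            break
        if len(parts) == 2:
            seen.setdefault(keyword, parts[1].strip())
    return {**PAGE_DEFAULTS, **seen}

def audit(config_text):
    """Return (option, value, reason) for each setting looser than the table."""
    s = effective_settings(config_text)
    findings = []
    if "1" in [p.strip() for p in s["protocol"].split(",")]:
        findings.append(("Protocol", s["protocol"], "protocol 1 is allowed"))
    if s["permitrootlogin"].lower() == "yes":
        findings.append(("PermitRootLogin", "yes", "root may log in via SSH"))
    if s["ignorerhosts"].lower() != "yes":
        findings.append(("IgnoreRhosts", s["ignorerhosts"], "~/.rhosts and ~/.shosts are read"))
    if int(s["maxauthtries"]) > int(PAGE_DEFAULTS["maxauthtries"]):
        findings.append(("MaxAuthTries", s["maxauthtries"], "more attempts per connection than the default"))
    return findings

# Constructed sample config, not taken from the page.
SAMPLE = """\
# /etc/ssh/sshd_config (constructed)
protocol 2,1
PermitRootLogin yes
PermitRootLogin no
MaxAuthTries 10
Match User backup
    PermitRootLogin no
"""

if __name__ == "__main__":
    for option, value, reason in audit(SAMPLE):
        print(f"{option} {value}: {reason}")
```

Note that the second `PermitRootLogin no` line in the sample has no effect, because the earlier `yes` was read first.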
Client configuration options
The following options should be placed in /etc/ssh/ssh_config or ~/.ssh/config.