SSH, the Secure Shell/Configuration
Configuration
Both the client and the server can be configured. Here, we will concentrate on OpenSSH. In most cases, SSH1 configuration options are the same. SSH2 has many differences.
Configuration files
Server configuration files
- /etc/ssh/sshd_config - server system-wide configuration file.
- /etc/ssh/ssh_host_* - keys
Client configuration files
- /etc/ssh/ssh_config - client system-wide configuration file.
- ~/.ssh/authorized_keys - list of keys whose owners can log in without a password.
- ~/.ssh/config - client configuration file.
- ~/.ssh/id_* - client keys.
- ~/.ssh/known_hosts - list of hosts we have had contact with, and their public keys.
Configuration options
Server configuration options
All of the following options should be placed in /etc/ssh/sshd_config.
Basic options
Option name | Default value | Description |
---|---|---|
Port | 22 | Port, on which to start the server. |
Protocol | 2 | Which protocol should be used. Allowed values are 1 or 2. If you want to allow both, set it to 1,2. |
ListenAddress | 0.0.0.0 | On which address should the server listen for incoming connections. |
PermitRootLogin | no | Whether root is allowed to log in via SSH. |
MaxAuthTries | 6 | Maximum number of login attempts per connection. When the number of failures reaches half this value, additional failures are logged. |
IgnoreRhosts | yes | Whether to ignore the user's ~/.rhosts and ~/.shosts files. |
ClientAliveInterval | 0 | Sets the timeout interval in seconds, after which if no data has been received, sshd will check to see if the client is alive. |
ClientAliveCountMax | 3 | Sets the number of client alive messages. If there is no response from the client after ClientAliveCountMax tries, it is disconnected. |
Compression | delayed | Whether to use compression. The "delayed" option starts compression after the user has authenticated successfully. |
CompressionLevel | 6 | Specify the level of compression. 1 is fast, 9 is best. For example, on a fast network the best choice is 1 (or even 0), and when both computers have powerful processors and the network is not very fast, one should use a high number. |
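
An added example (not from the original page or the OpenSSH project): a small Python auditor that reads an sshd_config, keeps the first value seen for each keyword as sshd does, and reports where the effective setting is looser than the defaults in the table above. The function names and the sample file are constructed for illustration, and Match blocks are not evaluated.

```python
import re

# Defaults exactly as listed in the table above; used when a keyword is absent.
TABLE_DEFAULTS = {"protocol": "2", "permitrootlogin": "no", "maxauthtries": "6",
                  "ignorerhosts": "yes", "clientaliveinterval": "0",
                  "clientalivecountmax": "3"}

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# sshd_config (constructed)
Port 2222
protocol 2,1
PermitRootLogin=yes
PermitRootLogin no
ClientAliveInterval 30
ClientAliveCountMax 4
"""

def parse_sshd_config(text):
    """Return {lowercased keyword: value} for the global section of the file."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Both "Keyword value" and "Keyword=value" are accepted by sshd.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":                  # conditional blocks are not audited
            break
        settings.setdefault(key, parts[1] if len(parts) > 1 else "")  # first wins
    return settings

def audit(text):
    """Return (findings, seconds until an unresponsive client is dropped)."""
    cfg = {**TABLE_DEFAULTS, **parse_sshd_config(text)}
    findings = []
    if "1" in re.split(r"[,\s]+", cfg["protocol"]):
        findings.append("Protocol permits 1")
    if cfg["permitrootlogin"].lower() != "no":
        findings.append("PermitRootLogin is " + cfg["permitrootlogin"])
    if cfg["ignorerhosts"].lower() != "yes":
        findings.append("IgnoreRhosts is " + cfg["ignorerhosts"])
    if int(cfg["maxauthtries"]) > int(TABLE_DEFAULTS["maxauthtries"]):
        findings.append("MaxAuthTries is " + cfg["maxauthtries"])
    # 0 means sshd never sends client-alive probes, so no timeout applies.
    timeout = int(cfg["clientaliveinterval"]) * int(cfg["clientalivecountmax"])
    return findings, timeout

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, the later `PermitRootLogin no` line has no effect because the earlier `PermitRootLogin=yes` was read first, which is the kind of mistake a line-by-line review of the file tends to miss.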
Client configuration options
The following options should be placed in /etc/ssh/ssh_config or ~/.ssh/config.