SSH, the Secure Shell/Configuration

From Wikibooks, open books for an open world
Jump to navigation Jump to search

Configuration[edit | edit source]

Both the client and the server can be configured. Here, we will concentrate on OpenSSH. In most cases, SSH1 configuration options are the same. SSH2 has many differences.

Configuration files[edit | edit source]

Server configuration files[edit | edit source]

  • /etc/ssh/sshd_config - server system-wide configuration file.
  • /etc/ssh/ssh_host_* - keys

Client configuration files[edit | edit source]

  • /etc/ssh/ssh_config - client system-wide configuration file.
  • ~/ssh/authorized_keys - list of keys, whose owners can log in without a password.
  • ~/ssh/config - client configuration file.
  • ~/ssh/id_* - client keys.
  • ~/ssh/known_hosts - list of hosts, with which we had contact, and their public keys.

Configuration options[edit | edit source]

Server configuration options[edit | edit source]

All of the followin options shoud be placed in /etc/ssh/sshd_config.

Basic options[edit | edit source]

Option name Default value Description
Port 22 Port, on which to start the server.
Protocol 2 Which protocol should be used. Allowed values are 1 or 2. If you want to allow both, set it to 1,2.
ListenAddress On which address should the server listen for incoming connections.
PermitRootLogin no Whether root is allowed to log in via SSH.
MaxAuthTries 6 Maximum number of login attempts per connection. When the number of failures reaches half this value, additional failures are logged.
IgnoreRhosts yes Whether to read user's ~/.rhosts and ~/.shosts
ClientAliveinterval 0 Sets the timeout interval in seconds, after which if no data has been received, sshd will check to see if the client is alive.
ClientAliveCountMax 3 Sets the number of client alive messages. If there is no response from the client after ClientAliveCountMax tries, it is disconnected.
Compression delayed Whether to use compression. The "delayed" option starts compression after the user has authenticated successfully.
CompressionLevel 6 Specify the level of compression. 1 is fast, 9 is best. For example, on a fast network the best choice is 1 (or even 0), and then both computers have powerful processors, and the network is not very fast one should use a high number.

Client configuration options[edit | edit source]

The following options should be placed in /etc/ssh_config or ~/.ssh/config

Basic options[edit | edit source]