SSH Configuration Files
Continueing on the SSH topics, the next topic is to look at the configuration files for the SSH program. The global settings for the program can be found in the /etc/ssh directory. The two main files for global settings are /etc/ssh/ssh_config and /etc/ssh/sshd_config.
The ssh_config file allows you to set options to modify the client programs, some of the more important settings are as follows:
The next file is the sshd_config file which allows you to set options which modify the behaviour of the SSH daemon.
If you are interested in some of the other features which can be adjusted you can check the man pages which were referrenced earlier in this post.
To return to the main directory for the SSH tutorials.
The ssh_config file allows you to set options to modify the client programs, some of the more important settings are as follows:
- Forward Agent specifies which conection authentication agent if any should be forwarded default is no there are some nstances where this should be yes though.
- Forward X11 automatically redirects x11 sessions to the remote machine, since this should be a server set up this should be left at the default of no.
- Password Authentication specifies to use password authentication. For strong security this should be set to yes.
- Batchmode used when scripts are used and you don;t want to be supplying a password through the script.
- Compression controls wether compression is used or not, the default is NO.
The next file is the sshd_config file which allows you to set options which modify the behaviour of the SSH daemon.
- PermitRootLogin specifies whether root can log in through SSH. This option should always be set to NO.
- StrictModes specifies whetheter SSH should check the user's permissions in their home directory and rhosts files before accepting logins. this option should always be set to YES.
- X11Forwarding specifies whether X11 forwarding should be allowed on the remote amchine, since this is a server this option should be set to NO.
- Password Authentication specifies whetehr password authentication should be used. This should be set to YES.
- PermitEmptyPasswords specifies wether the server will allow logging in with null passwords, if you will be using the SCP utility this option must be set to YES.
- AllowUsers specifies which users are allowed to use SSH services, multiple users can be specified.
If you are interested in some of the other features which can be adjusted you can check the man pages which were referrenced earlier in this post.
To return to the main directory for the SSH tutorials.
<< Home