Last modified on 21 July 2006, at 15:58

SSH, the Secure Shell/Configuration

Configuration

Both the client and the server can be configured. Here, we will concentrate on OpenSSH. In most cases, SSH1 configuration options are the same. SSH2 has many differences.

Configuration files

Server configuration files

  • /etc/ssh/sshd_config - server system-wide configuration file.
  • /etc/ssh/ssh_host_* - keys

Client configuration files

  • /etc/ssh/ssh_config - client system-wide configuration file.
  • ~/.ssh/authorized_keys - list of keys whose owners can log in without a password.
  • ~/.ssh/config - client configuration file.
  • ~/.ssh/id_* - client keys.
  • ~/.ssh/known_hosts - list of hosts we have connected to, and their public keys.

Configuration options

Server configuration options

All of the following options should be placed in /etc/ssh/sshd_config.

Basic options

| Option name | Default value | Description |
|---|---|---|
| Port | 22 | Port on which to start the server. |
| Protocol | 2 | Which protocol should be used. Allowed values are 1 or 2. If you want to allow both, set it to 1,2. |
| ListenAddress | 0.0.0.0 | Address on which the server should listen for incoming connections. |
| PermitRootLogin | no | Whether root is allowed to log in via SSH. |
| MaxAuthTries | 6 | Maximum number of login attempts per connection. When the number of failures reaches half this value, additional failures are logged. |
| IgnoreRhosts | yes | Whether to ignore the user's ~/.rhosts and ~/.shosts files. |
| ClientAliveInterval | 0 | Timeout interval in seconds; if no data has been received from the client for this long, sshd checks whether the client is still alive. |
| ClientAliveCountMax | 3 | Number of client alive messages to send. If there is no response from the client after ClientAliveCountMax tries, it is disconnected. |
| Compression | delayed | Whether to use compression. The "delayed" option starts compression after the user has authenticated successfully. |
| CompressionLevel | 6 | Level of compression. 1 is fast, 9 is best. For example, on a fast network the best choice is 1 (or even 0); when both computers have powerful processors and the network is not very fast, one should use a high number. |
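
An added example (not part of the original page and not OpenSSH code): a small Python audit that parses an sshd_config and flags settings more permissive than the values in the table above. The SAMPLE file, the function names, and the choice to stop at a Match line are assumptions made for illustration; as in sshd, option names are case-insensitive and the first value found for an option is the one kept.

```python
import re

# "Default value" column of the table on this page, keyed by lower-cased option name.
PAGE_DEFAULTS = {
    "protocol": "2", "permitrootlogin": "no", "maxauthtries": "6",
    "ignorerhosts": "yes", "clientaliveinterval": "0", "clientalivecountmax": "3",
}

SAMPLE = """\
# constructed sample, not taken from a real host
Port 2222
protocol 1,2
PermitRootLogin yes
PermitRootLogin no
ClientAliveInterval 30
"""

def parse_sshd_config(text):
    """Return effective {option: value}: page defaults overlaid by the file."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":  # conditional blocks are out of scope for this example
            break
        opts.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return {**PAGE_DEFAULTS, **opts}

def audit(text):
    """List settings that are more permissive than the table's values."""
    o, findings = parse_sshd_config(text), []
    if "1" in [p.strip() for p in o["protocol"].split(",")]:
        findings.append("Protocol: protocol 1 is allowed")
    if o["permitrootlogin"].lower() == "yes":
        findings.append("PermitRootLogin: root may log in via SSH")
    if o["ignorerhosts"].lower() == "no":
        findings.append("IgnoreRhosts: ~/.rhosts and ~/.shosts are read")
    if o["maxauthtries"].isdigit() and int(o["maxauthtries"]) > 6:
        findings.append("MaxAuthTries: more than 6 attempts per connection")
    return findings

def unresponsive_client_timeout(text):
    """Seconds until a silent client is disconnected, or None if checks are off."""
    o = parse_sshd_config(text)
    interval = int(o["clientaliveinterval"])
    return interval * int(o["clientalivecountmax"]) if interval > 0 else None
```

On the sample, the second PermitRootLogin line has no effect because the first one already set the value, which is why duplicated options are worth checking for during review.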

Client configuration options

The following options should be placed in /etc/ssh/ssh_config or ~/.ssh/config.

Basic options