
Securing-Optimizing-RH-Linux-1_2_174
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

This option “RhostsAuthentication” specifies whether we can try to use rhosts-based authentication. Because rhosts authentication is insecure, you shouldn’t use this option.

RhostsRSAAuthentication no
This option “RhostsRSAAuthentication” specifies whether to try rhosts authentication in concert with RSA host authentication.

RSAAuthentication yes
This option “RSAAuthentication” specifies whether to try RSA authentication. This option must be set to “yes” for better security on your sessions. RSA uses a public and private key pair created with the ssh-keygen1 utility for authentication purposes.

TISAuthentication no
This option “TISAuthentication” specifies whether to try TIS authentication. TIS is an Internet Firewall Toolkit, so we don’t use it and don’t need it.

PasswordAuthentication yes
This option “PasswordAuthentication” specifies whether we should use password-based authentication. For strong security, this option must always be set to “yes”.

FallBackToRsh no
This option “FallBackToRsh” specifies that if a connection with the ssh daemon fails, rsh should automatically be used instead. Recall that the rsh service is insecure, so this option must always be set to no.

UseRsh no
This option “UseRsh” specifies that rlogin/rsh services should be used on this host. As with the “FallBackToRsh” option, it must be set to no; this is a security matter.

BatchMode no
This option “BatchMode” specifies whether username and password querying on connect will be disabled. This option is useful when you create scripts and don’t want to supply the password (i.e., scripts that use the scp command to make backups over the network).

Compression yes
This option “Compression” specifies whether to use compression during sessions. Compression will improve communication speed and file transfers.
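An added example (not from the book): a small Python check that works out which rhosts/rsh-related options a client configuration actually applies to a given host, and reports any that differ from the "no" settings recommended above. It assumes ssh_config's resolution rule that the first value obtained for a parameter is used; the sample configuration, host names and function names are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Values the page recommends for the rhosts/rsh-related client options.
EXPECTED = {
    "rhostsauthentication": "no",
    "rhostsrsaauthentication": "no",
    "fallbacktorsh": "no",
    "usersh": "no",
}
# "Keyword value" or "Keyword=value"; comments and blank lines do not match.
LINE = re.compile(r"([A-Za-z]+)(?:\s*=\s*|\s+)(.*)")

def effective_options(config_text, hostname):
    """Resolve the options ssh would apply to hostname (first value wins)."""
    effective = {}
    applies = True  # lines before the first Host keyword apply to every host
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            # Host takes whitespace-separated patterns with * and ? wildcards.
            applies = any(fnmatchcase(hostname, p) for p in value.split())
        elif applies and key not in effective:
            effective[key] = (value, lineno)
    return effective

def audit(config_text, hostname):
    """Return (keyword, value, line) for each option deviating from EXPECTED."""
    eff = effective_options(config_text, hostname)
    return [(k, eff[k][0], eff[k][1]) for k in sorted(EXPECTED)
            if k in eff and eff[k][0].lower() != EXPECTED[k]]

# Constructed sample: the hardened "Host *" block comes too late for "backup".
SAMPLE = """\
# constructed example, not from the book
Host backup
    FallBackToRsh yes
    Compression yes
Host *
    RhostsAuthentication no
    RhostsRSAAuthentication no
    FallBackToRsh no
    UseRsh no
"""

if __name__ == "__main__":
    for host in ("backup", "www"):
        print(host, audit(SAMPLE, host))
```

Options that are not set anywhere in the file are not reported, since their value then depends on the defaults compiled into the ssh client in use.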
StrictHostKeyChecking no
This option “StrictHostKeyChecking” specifies whether ssh will automatically add new host keys to the $HOME/.ssh/known_hosts file, or never automatically add new host keys to the host file. This option, when set to “yes”, provides maximum protection against Trojan horse attacks. One interesting procedure with this option is to set it to “no” at the beginning to automatically add all hosts to the host file, and then return to set it to “yes” to take advantage of its features.

IdentityFile ~/.ssh/identity
This option “IdentityFile” specifies an alternate RSA authentication identity file to read. Multiple identity files may also be specified in the configuration file (ssh_config).

Port 22
This option “Port” specifies which port number ssh connects to on the remote host. The default port is 22.

KeepAlive yes