Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
This option RhostsAuthentication specifies whether we can try to use rhosts-based
authentication. Because rhosts authentication is insecure, you shouldn't use this option.
RhostsRSAAuthentication no
This option RhostsRSAAuthentication specifies whether to try rhosts authentication in concert
with RSA host authentication.
RSAAuthentication yes
This option RSAAuthentication specifies whether to try RSA authentication. This option must be
set to yes for better security on your sessions. RSA uses public and private key pairs created
with the ssh-keygen1 utility for authentication purposes.
TISAuthentication no
This option TISAuthentication specifies whether to try TIS authentication. TIS is an Internet
Firewall Toolkit, so we don't use it; we don't need it.
PasswordAuthentication yes
This option PasswordAuthentication specifies whether we should use password-based
authentication. For strong security, this option must always be set to yes.
FallBackToRsh no
This option FallBackToRsh specifies that if a connection with the ssh daemon fails, rsh should
automatically be used instead. Recall that the rsh service is insecure, so this option must always be
set to no.
UseRsh no
This option UseRsh specifies that rlogin/rsh services should be used on this host. As with the
FallBackToRsh option, it must be set to no for security reasons.
BatchMode no
This option BatchMode specifies whether username and password querying on connect will
be disabled. This option is useful when you create scripts and don't want to supply the password
(i.e. scripts that use the scp command to make backups over the network).
Compression yes
This option Compression specifies whether to use compression during sessions. Compression
will improve communication speed and file transfers.
StrictHostKeyChecking no
This option StrictHostKeyChecking specifies whether ssh will automatically add new host keys
to the $HOME/.ssh/known_hosts file or never automatically add new host keys to the host file.
When set to yes, this option provides maximum protection against Trojan horse attacks. One
interesting procedure with this option is to set it to no at the beginning, so that all hosts are
added automatically to the host file, and then set it back to yes to take advantage of this feature.
IdentityFile ~/.ssh/identity
This option IdentityFile specifies an alternate RSA authentication identity file to read.
Multiple identity files may also be specified in the configuration file (ssh_config).
Port 22
This option Port specifies the port number ssh connects to on the remote host. The default
port is 22.
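The recommendations above can be checked mechanically. The following is an added example, not code from the book: it parses ssh_config text and reports options that differ from the values the text recommends. The names parse_ssh_config, audit and SAMPLE are hypothetical, each Host block is checked on its own (pattern matching across blocks is not modelled), and the first value seen for a keyword is the one kept, as OpenSSH does.

```python
import re

# Values recommended in the text (StrictHostKeyChecking: the final "yes" state).
RECOMMENDED = {
    "rhostsauthentication": "no",
    "fallbacktorsh": "no",
    "usersh": "no",
    "rsaauthentication": "yes",
    "stricthostkeychecking": "yes",
}

def parse_ssh_config(text):
    """Return {host_pattern: {keyword: value}}; the first value per keyword wins."""
    sections, current = {}, "*"  # options before any Host line apply to all hosts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace and/or a single "=".
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.+)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":
            current = value
        else:
            sections.setdefault(current, {}).setdefault(key, value)
    return sections

def audit(text):
    """List (host_pattern, keyword, found, recommended) for each deviation."""
    findings = []
    for host, opts in parse_ssh_config(text).items():
        for key, want in RECOMMENDED.items():
            got = opts.get(key)
            if got is not None and got.lower() != want:
                findings.append((host, key, got, want))
    return findings

# Constructed sample, not a file from the book.
SAMPLE = """\
Host *
  FallBackToRsh yes
  UseRsh = no
  StrictHostKeyChecking no
  StrictHostKeyChecking yes
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

In the sample, the second StrictHostKeyChecking line has no effect because the earlier no is kept, which is the case to watch for when returning the option to yes after the initial host-key collection.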
KeepAlive yes