Securing-Optimizing-RH-Linux-1_2_176
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
HostKey /etc/ssh/ssh_host_key
This option HostKey specifies the location of the file containing the private host key.
RandomSeed /etc/ssh/ssh_random_seed
This option RandomSeed specifies the location of the file containing the random seed for the server.
This file is created automatically and updated regularly by the server, and is used when
generating random numbers.
ServerKeyBits 1024
This option ServerKeyBits specifies how many bits to use in the server key. These key bits are
used when the daemon starts to generate its RSA key.
LoginGraceTime 600
This option LoginGraceTime specifies how long, in seconds, after a connection request the server
will wait before disconnecting if the user has not successfully logged in.
KeyRegenerationInterval 3600
This option KeyRegenerationInterval specifies how long, in seconds, the server should wait before
automatically regenerating its key. This is a security feature to prevent decrypting captured
sessions.
PermitRootLogin no
This option PermitRootLogin specifies whether root can log in using ssh. Never say yes to this
option.
IgnoreRhosts yes
This option IgnoreRhosts specifies whether rhosts or shosts files should not be used in
authentication. For security reasons, it is recommended not to use rhosts or shosts files for
authentication.
StrictModes yes
This option StrictModes specifies whether ssh should check users' permissions on their home
directory and rhosts files before accepting login. This option must always be set to yes because
sometimes users may accidentally leave their directory or files world-writable.
QuietMode no
This option QuietMode specifies whether the system runs in quiet mode. This option must be
set to no because in quiet mode, nothing is logged in the system log, except fatal errors. Since
we want to have information about user sessions, it is preferable to disable this option.
X11Forwarding no
This option X11Forwarding specifies whether X11 forwarding must be enabled or not on this
server. Since we set up a server without a GUI installed on it, we can safely turn this option off.
FascistLogging no
This option FascistLogging specifies whether to perform intrusive logging. This kind of logging is
not recommended because it violates the privacy of users.
PrintMotd yes
This option PrintMotd specifies whether the ssh daemon should print the content of the /etc/motd
file when a user logs in interactively. The /etc/motd file is also known as the message of the
day.
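The values recommended above for PermitRootLogin, IgnoreRhosts, StrictModes, QuietMode, X11Forwarding and FascistLogging can be checked mechanically. The following Python script is an added example, not part of the original book or of the SSH distribution. It assumes that keywords are case-insensitive, that lines beginning with # are comments, and that the first occurrence of a keyword takes effect. The names RECOMMENDED, parse_sshd_config, audit and SAMPLE are hypothetical.

```python
# Added example: audit sshd_config text against the values recommended above.
# Assumptions: case-insensitive keywords, "#" comment lines, first occurrence wins.

RECOMMENDED = {
    "PermitRootLogin": "no",
    "IgnoreRhosts": "yes",
    "StrictModes": "yes",
    "QuietMode": "no",
    "X11Forwarding": "no",
    "FascistLogging": "no",
}

def parse_sshd_config(text):
    """Return {lowercased keyword: value}, skipping blank and comment lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:  # a keyword with no value is ignored
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def audit(text):
    """Return sorted (keyword, found, expected) tuples for every deviation.

    A keyword missing from the file is reported with found=None so that the
    administrator sets it explicitly instead of relying on a default.
    """
    settings = parse_sshd_config(text)
    findings = []
    for key, expected in RECOMMENDED.items():
        found = settings.get(key.lower())
        if found is None or found.lower() != expected:
            findings.append((key, found, expected))
    return sorted(findings)

# Constructed sample input, not a real server's configuration.
SAMPLE = """\
ServerKeyBits 1024
PermitRootLogin yes
# the duplicate below is shadowed by the line above
permitrootlogin no
IgnoreRhosts yes
StrictModes yes
QuietMode no
X11Forwarding yes
"""

if __name__ == "__main__":
    for key, found, expected in audit(SAMPLE):
        print(f"{key}: found {found or 'unset'}, recommended {expected}")
```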
KeepAlive yes