Securing-Optimizing-RH-Linux-1_2_185
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

This option “PasswordPrompt” specifies the password prompt that will be displayed for the user when connecting to a host. Variables '%U' and '%H' give the user's login name and host, respectively.

Ssh1Compatibility no
This option “Ssh1Compatibility” specifies whether to use SSH1 compatibility code with SSH2 for ssh1 users.

Ssh1AgentCompatibility none
This option “Ssh1AgentCompatibility” specifies whether to also forward SSH1 agent connections with SSH2 for ssh1 users.

NoDelay yes
This option “NoDelay” specifies whether the socket option TCP_NODELAY must be enabled. It is recommended to set this option to “yes” to improve network performance.

KeepAlive yes
This option “KeepAlive” specifies whether the system should send keep alive messages to the remote server. If set to “yes”, the death of the connection or a crash of the remote machine will be properly noticed.

QuietMode no
This option “QuietMode” specifies whether the system runs in quiet mode. This option must be set to “no” because in quiet mode nothing is logged in the system log except fatal errors. Since we want to have information about user sessions, it is preferable to disable this option.

Configure the “/etc/ssh2/sshd2_config” file

The configuration file for sshd2, “/etc/ssh2/sshd2_config”, allows you to set options that modify the operation of the daemon. The file contains keyword-value pairs, one per line, with keywords being case insensitive. Here are the more important keywords; a complete listing is available in the man page for sshd2(8).
Edit the sshd2_config file (vi /etc/ssh2/sshd2_config) and add or change, if necessary:

# sshd2_config
# SSH 2.0 Server Configuration File
*:
        Port 22
        ListenAddress 192.168.1.1
        Ciphers blowfish
        IdentityFile identification
        AuthorizationFile authorization
        HostKeyFile hostkey
        PublicHostKeyFile hostkey.pub
        RandomSeedFile random_seed
        ForwardAgent no
        ForwardX11 no
        PasswordGuesses 3
        MaxConnections 5
        PermitRootLogin no
        AllowedAuthentications publickey,password
        RequiredAuthentications publickey,password
        VerboseMode no
        PrintMotd yes
        CheckMail yes
        UserConfigDirectory "%D/.ssh2"
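
An added example, not from the book: a short Python audit that parses the keyword-value format described above (case-insensitive keywords, one per line) and reports where a file departs from the sample's PermitRootLogin, ForwardAgent, ForwardX11, PasswordGuesses and MaxConnections values. The function names, the choice to skip the "*:" line as a header, and the deviating sample file are assumptions constructed for illustration.

```python
# Added example: audit an sshd2_config against the values in the sample file.
# BASELINE mirrors the page's sample; SAMPLE is a constructed deviating file.

BASELINE = {  # keys lowercased because sshd2 keywords are case insensitive
    "permitrootlogin": "no",
    "forwardagent": "no",
    "forwardx11": "no",
    "passwordguesses": "3",
    "maxconnections": "5",
}

def parse_sshd2_config(text):
    """Map each lowercased keyword to the list of values given for it."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, '#' comment lines and the '*:' header (assumed non-setting).
        if not line or line.startswith("#") or line.endswith(":"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), []).append(value)
    return settings

def audit(text):
    """Report baseline keywords that are missing, conflicting or changed."""
    settings = parse_sshd2_config(text)
    findings = []
    for keyword, expected in BASELINE.items():
        values = settings.get(keyword, [])
        if not values:
            findings.append(f"{keyword}: not set, expected {expected}")
        elif len({v.lower() for v in values}) > 1:
            # Which duplicate the daemon honours is not assumed; flag it.
            findings.append(f"{keyword}: conflicting values {values}")
        elif values[0].lower() != expected:
            findings.append(f"{keyword}: {values[0]}, expected {expected}")
    return findings

SAMPLE = """\
# constructed sshd2_config with deliberate deviations
*:
        Port 22
        PERMITROOTLOGIN yes
        ForwardAgent no
        forwardx11 no
        ForwardX11 yes
        PasswordGuesses 3
        UserConfigDirectory "%D/.ssh2"
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against a copy of /etc/ssh2/sshd2_config by passing the file's text to audit(); adjust BASELINE if your policy differs from the sample.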