Securing-Optimizing-RH-Linux-1_2_185
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
This option PasswordPrompt specifies the password prompt that will be displayed to the user
when connecting to a host. Variables '%U' and '%H' give the user's login name and host,
respectively.
Ssh1Compatibility no
This option Ssh1Compatibility specifies whether to use SSH1 compatibility code with SSH2 for
ssh1 users.
Ssh1AgentCompatibility none
This option Ssh1AgentCompatibility specifies whether to also forward SSH1 agent connections
with SSH2 for ssh1 users.
NoDelay yes
This option NoDelay specifies whether the socket option TCP_NODELAY must be enabled. It is
recommended to set this option to yes to improve network performance.
KeepAlive yes
This option KeepAlive specifies whether the system should send keepalive messages to the
remote server. If set to yes, then the death of the connection or a crash of the remote machine
will be properly noticed.
QuietMode no
This option QuietMode specifies whether the system runs in quiet mode. This option must be
set to no because in quiet mode nothing is logged in the system log except fatal errors. Since
we want to have information about users' sessions, it is preferable to disable this option.
Configure the /etc/ssh2/sshd2_config file
The configuration file for sshd2, /etc/ssh2/sshd2_config, allows you to set options that modify the
operation of the daemon. The file contains keyword-value pairs, one per line, with keywords being
case insensitive. Here are the more important keywords; a complete listing is available in the man
page for sshd2(8).
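The following is an added example, not part of the original book or of the SSH2 distribution: a small Python check that parses the keyword-value format described above (case-insensitive keywords, one pair per line) and reports where a file deviates from the values this page sets for its security-relevant keywords. The function names, the choice of keywords to check, the skipping of value-less lines such as "*:", and the reporting of duplicate keywords as conflicts are assumptions of the example.

```python
# Values from the page's listing; keys lower-cased (keywords are case insensitive).
EXPECTED = {
    "permitrootlogin": "no",
    "forwardagent": "no",
    "forwardx11": "no",
    "passwordguesses": "3",
    "maxconnections": "5",
}

def parse_config(text):
    """Parse keyword-value lines into {lowercased keyword: [values]}."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        if len(parts) == 1:
            continue  # no value, e.g. the "*:" line (assumption: skip it)
        settings.setdefault(parts[0].lower(), []).append(parts[1].strip('"'))
    return settings

def audit(text):
    """Return sorted findings; an empty list means no deviation."""
    findings, settings = [], parse_config(text)
    for keyword, wanted in EXPECTED.items():
        values = settings.get(keyword)
        if values is None:
            findings.append(f"{keyword}: not set (expected {wanted})")
        elif len({v.lower() for v in values}) > 1:
            findings.append(f"{keyword}: conflicting values {values}")
        elif values[0].lower() != wanted:
            findings.append(f"{keyword}: {values[0]} (expected {wanted})")
    return sorted(findings)

# Constructed sample (not a real server's file): mixed-case keywords, root
# login enabled, ForwardX11 defined twice, MaxConnections missing.
SAMPLE = """\
# sshd2_config
*:
    PERMITROOTLOGIN   yes
    forwardagent      no
    ForwardX11        no
    forwardx11        yes
    PasswordGuesses   3
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```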
Edit the sshd2_config file (vi /etc/ssh2/sshd2_config) and add or change, if necessary:
# sshd2_config
# SSH 2.0 Server Configuration File
*:
    Port                        22
    ListenAddress               192.168.1.1
    Ciphers                     blowfish
    IdentityFile                identification
    AuthorizationFile           authorization
    HostKeyFile                 hostkey
    PublicHostKeyFile           hostkey.pub
    RandomSeedFile              random_seed
    ForwardAgent                no
    ForwardX11                  no
    PasswordGuesses             3
    MaxConnections              5
    PermitRootLogin             no
    AllowedAuthentications      publickey,password
    RequiredAuthentications     publickey,password
    VerboseMode                 no
    PrintMotd                   yes
    CheckMail                   yes
    UserConfigDirectory         "%D/.ssh2"