16.3. Configure the /etc/ssh2/ssh2_config file

The ssh2 client configuration file, /etc/ssh2/ssh2_config, allows you to set options that modify the operation of the client programs. The file contains keyword-value pairs, one per line, with keywords being case insensitive. Here are the more important keywords; a complete listing is available in the man page for ssh2(1).

Edit the ssh2_config file (vi /etc/ssh2/ssh2_config) and add or change, if necessary:

         # ssh2_config
         # SSH 2.0 Client Configuration File

         *:
         Port                            22
         Ciphers                         blowfish
         Compression                     yes
         IdentityFile                    identification
         AuthorizationFile               authorization
         RandomSeedFile                  random_seed
         VerboseMode                     no
         ForwardAgent                    no
         ForwardX11                      no
         PasswordPrompt                  "%U's password: "
         Ssh1Compatibility               no
         Ssh1AgentCompatibility          none
         NoDelay                         yes
         KeepAlive                       yes
         QuietMode                       no
         
These settings configure the ssh2 client as follows:

Port 22

The option Port specifies the port number that ssh connects to on the remote host. The default port is 22.

Ciphers blowfish

The option Ciphers specifies what cipher should be used for encrypting sessions. Blowfish uses 64-bit blocks and keys of up to 448 bits.

Compression yes

The option Compression specifies whether to use compression during sessions. Compression will improve communication speed and file transfers.

IdentityFile identification

The option IdentityFile specifies an alternate name for the user's identification file.

AuthorizationFile authorization

The option AuthorizationFile specifies an alternate name for the user's authorization file.

RandomSeedFile random_seed

The option RandomSeedFile specifies an alternate name for the user's random seed file.

VerboseMode no

The option VerboseMode instructs ssh2 to print debugging messages about its progress. This option is helpful in debugging connection, authentication, and configuration problems.

ForwardAgent no

The option ForwardAgent specifies which connection authentication agent, if any, should be forwarded to the remote machine.

ForwardX11 no

The option ForwardX11 is for people who use the X Window GUI and want to automatically redirect X11 sessions to the remote machine. Since we've set up a server and do not have a GUI installed on it, we can safely turn this option off.

PasswordPrompt "%U's password: "

The option PasswordPrompt specifies the password prompt that will be displayed for the user when connecting to a host. Variables %U and %H give the user's login name and host, respectively.

Ssh1Compatibility no

The option Ssh1Compatibility specifies whether or not to use SSH1 compatibility code with SSH2 for ssh1 users.

Ssh1AgentCompatibility none

The option Ssh1AgentCompatibility specifies whether or not to also forward SSH1 agent connections with SSH2 for ssh1 users.

NoDelay yes

The option NoDelay specifies if the socket option TCP_NODELAY should be enabled. It is recommended that you set this option to yes to improve network performance.

KeepAlive yes

The option KeepAlive specifies whether the system should send keep alive messages to the remote server. If set to yes, the death of the connection or a crash of the remote machine will be properly noticed.

QuietMode no

The option QuietMode specifies whether the system runs in quiet mode. This option must be set to no because in quiet mode nothing is logged in the system log except for fatal errors. Since we want to have information about users' sessions, it is preferable to disable this option.
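To check that a deployed ssh2_config still carries the forwarding, SSH1 compatibility and logging values described above, the file can be parsed and compared against them. The script below is an added example, not part of the original guide or of the ssh2 distribution; the names parse, audit, BASELINE and SAMPLE are hypothetical, the sample file is constructed, and treating a leading "pattern:" as a host section heading is an assumption.

```python
import re

# Expected values, taken from this section's listing (keywords lowercased).
BASELINE = {
    "forwardagent": "no", "forwardx11": "no", "quietmode": "no",
    "ssh1compatibility": "no", "ssh1agentcompatibility": "none",
}

# Constructed sample of a client config that has drifted from the listing.
SAMPLE = '''
# ssh2_config
*:
port               22
FORWARDAGENT       yes
forwardx11         no
PasswordPrompt     "%U's password: "
Ssh1Compatibility  yes
QuietMode          yes
'''

# Assumption: "pattern:" opens a host section, alone or fused to a keyword.
HEADER = re.compile(r'^([^\s":#]+):\s*(.*)$')

def parse(text):
    """Return {lowercased keyword: value}; keywords are case insensitive."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            line = m.group(2)  # text after "pattern:", empty for a bare heading
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1] if len(parts) > 1 else ""
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # keep spaces inside a quoted value
        opts[parts[0].lower()] = value
    return opts

def audit(text, baseline=BASELINE):
    """List (keyword, expected, found); found is None when the keyword is unset."""
    opts = parse(text)
    return [(k, want, opts.get(k)) for k, want in sorted(baseline.items())
            if opts.get(k) != want]

if __name__ == "__main__":
    for keyword, want, found in audit(SAMPLE):
        print(f"{keyword}: expected {want!r}, found {found!r}")
```

A keyword that is absent from the file is reported with found set to None, because the client then falls back to whatever its default is rather than the value chosen here.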