[Next] [Previous] [Up] [Top] [Contents]

29.4 Setting up the Service

29.4.2 Configuration Files

The server (sshd) configuration file is /etc/sshd_config. To allow hosts from a couple of subnets, use RSA authentication, but not Rhosts authentication, try a configuration file similar to the following:

# This is ssh server system-wide configuration file.

Port 22

AllowHosts 128.146.226.* 128.146.116.*

ListenAddress 0.0.0.0

HostKey /etc/ssh_host_key

ServerKeyBits 768

LoginGraceTime 600

KeyRegenerationInterval 3600

PermitRootLogin yes

QuietMode no

FascistLogging no

PrintMotd no

SyslogFacility LOCAL6

RhostsAuthentication no

RhostsRSAAuthentication no

RSAAuthentication yes

PasswordAuthentication no

The client (ssh) configuration files are: /etc/ssh_config for the system, and ~/.ssh/config for a user. This configuration file disallows Rhosts authentication, but sets RSA and Password authentication, and enables StrictHostKeyChecking.

# This is ssh client system-wide configuration file. This file provides defaults for users, and the values

# can be changed in per-user configuration files or on the command line.

# Configuration data is parsed as follows:

# 1. command line options

# 2. user-specific file

# 3. system-wide file

# Any configuration value is only changed the first time it is set. Thus, host-specific definitions should

# be at the beginning of the configuration file, and defaults at the end.

# Site-wide defaults for various options

RhostsAuthentication no

RhostsRSAAuthentication no

RSAAuthentication yes

PasswordAuthentication yes

StrictHostKeyChecking yes


Unix System Administration - 8 AUG 1996
[Next] [Previous] [Up] [Top] [Contents]