Pre-configuration of SSH
Check that the SSH service is enabled on the server, and enable it if it is not.
Back up the following files:
• /etc/ssh/sshd_config – copy to /etc/ssh/sshd_config.old (SSH server),
• /etc/ssh/ssh_config – copy to /etc/ssh/ssh_config.old (SSH client).
Log on as root and run the following commands:
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.old
cp /etc/ssh/ssh_config /etc/ssh/ssh_config.old
cat /etc/ssh/sshd_config
Then review and modify the SSH server configuration in the /etc/ssh/sshd_config file, for example:
Protocol 2
Port 22
#ListenAddress ip-address
AllowTcpForwarding no
GatewayPorts no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd no
KeepAlive yes
SyslogFacility auth
LogLevel info
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
KeyRegenerationInterval 3600
StrictModes no
LoginGraceTime 600
MaxAuthTries 6
MaxAuthTriesLog 3
PermitEmptyPasswords no
PasswordAuthentication yes
PermitRootLogin yes
Subsystem sftp /usr/lib/ssh/sftp-server
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
DSAAuthentication yes
PubkeyAuthentication yes
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
UsePAM yes
#AllowUsers oracle root userWhoIsUsedToLogIn
After the installation has been configured, remember to change the values of some parameters again for security reasons, for example:
PermitRootLogin without-password
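One way to check that the install-time settings were changed back, as an added example that is not part of the original post. The function names are hypothetical, and only the PermitRootLogin row comes from the post; the StrictModes and PermitEmptyPasswords rows are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# effective_value FILE KEYWORD
# Prints the global value sshd would use for KEYWORD: keywords are
# case-insensitive and the first occurrence wins. Comments and blank lines are
# skipped, and parsing stops at the first Match block (conditional settings).
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE
# Prints "Keyword current -> wanted" for every keyword still at its relaxed
# value and returns 1 if there is at least one such line, 0 otherwise.
audit_sshd_config() {
    file=$1
    findings=0
    # Table columns: keyword, relaxed value, value wanted after installation.
    # PermitRootLogin is the change named in the post; the other two rows are
    # assumptions of this example (both wanted values are OpenSSH defaults).
    while read -r keyword relaxed wanted; do
        current=$(effective_value "$file" "$keyword")
        if [ "$current" = "$relaxed" ]; then
            echo "$keyword $current -> $wanted"
            findings=$((findings + 1))
        fi
    done <<'EOF'
PermitRootLogin yes without-password
StrictModes no yes
PermitEmptyPasswords yes no
EOF
    [ "$findings" -eq 0 ]
}
```

Run it as audit_sshd_config /etc/ssh/sshd_config once the installation is finished; it prints nothing and returns 0 when none of the listed keywords is still at its relaxed value.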
Then review and modify the SSH client configuration in the /etc/ssh/ssh_config file, for example:
Protocol 2
Port 22
RSAAuthentication yes
DSAAuthentication yes
PasswordAuthentication yes
GSSAPIKeyExchange yes
StrictHostKeyChecking ask
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
Host *
GSSAPIAuthentication yes
ForwardX11Trusted yes
# Send locale-related environment variables
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
SendEnv XMODIFIERS
Restart the SSH server to apply the settings:
/etc/init.d/sshd stop
/etc/init.d/sshd start