Securities Software (Network Services).Linux OpenSSH Client/Server
Edit the ssh_config file (vi /etc/ssh/ssh_config) and add/or change, if necessary the following parameters:
# Site-wide defaults for various options
Host*
ForwardAgent no ForwardXH no RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication yes PasswordAuthentication yes FallBackToRsh no UseRsh no BatchMode no CheckHostIP yes StrictHostKeyChecking no IdentityFile ~/.ssh/identity Port 22
Cipher blowfish EscapeChar ~
This tells ssh_config file to set itself up for this particular configuration setup with:
Host*
The option “Host” restricts all forwarded declarations and options in the configuration file to be only for those hosts that match one of the patterns given after the keyword. The pattern “*” mean for all hosts up to the next Host keyword. With this option you can set different declarations for different hosts in the same “ssh_config” file.
ForwardAgent no
The option “ForwardAgent” specifies which connection authentication agent (if any) should be
forwarded to the remote machine.
ForwardX11 no
The option “ForwardX11″ is for people that use the Xwindow GUI and want to automatically redirect X11 sessions to the remote machine. Since we setup a server and don’t have GUI installed on it, we can safely turn this option off.
RhostsAuthentication no
The option “RhostsAuthentication” specifies whether we can try to use rhosts based
authentication. Because rhosts authentication is insecure you shouldn’t use this option.
RhostsRSAAuthentication no
The option “RhostsRSAAuthentication” specifies whether or not to try rhosts authentication in
concert with RSA host authentication.
RSAAuthentication yes
The option “RSAAuthentication” specifies whether to try RSA authentication. This option must be set to “yes” for better security on your sessions. RSA uses public and private keys pair created with the ssh-keygen1 utility for authentication purposes.
PasswordAuthentication yes
The option “PasswordAuthentication” specifies whether we should use password-based
authentication. For strong security, this option must always be set to “yes”.