Securities Software (Network Services).Linux OpenSSH Client/Server | All about OS

Category: Securing and Optimizing

ListenAddress 192.168.1.1
HostKey /etc/ssh/ssh_host_key
ServerKeyBits 1024
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
IgnoreRhosts yes
IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
PrintMotd yes
SyslogFacility AUTH
LogLevel INFO
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
AllowUsers admin

These lines configure the sshd_config file for this particular setup as follows:
Port 22
The option “Port” specifies the port number on which the ssh daemon listens for incoming connections. The default port is 22.
ListenAddress 192.168.1.1
The option “ListenAddress” specifies the IP address of the network interface to which the ssh daemon server socket is bound. The default is “0.0.0.0”; to improve security, specify only the addresses that are required, which limits the addresses the daemon can be reached on.
HostKey /etc/ssh/ssh_host_key
The option “HostKey” specifies the location containing the private host key.
ServerKeyBits 1024
The option “ServerKeyBits” specifies how many bits to use in the server key. These bits are used when the daemon starts to generate its RSA key.
LoginGraceTime 600
The option “LoginGraceTime” specifies how long in seconds after a connection request the server will wait before disconnecting if the user has not successfully logged in.
KeyRegenerationInterval 3600
The option “KeyRegenerationInterval” specifies how long in seconds the server should wait before automatically regenerating its key. This is a security feature to prevent decrypting captured sessions.
PermitRootLogin no
The option “PermitRootLogin” specifies whether root can log in using ssh. Never say “yes” to this option.
IgnoreRhosts yes
The option “IgnoreRhosts” specifies whether rhosts or shosts files should not be used in authentication. For security reasons it is recommended to NOT use rhosts or shosts files for authentication.
IgnoreUserKnownHosts yes
The option “IgnoreUserKnownHosts” specifies whether the ssh daemon should ignore the user’s “$HOME/.ssh/known_hosts” during RhostsRSAAuthentication.
StrictModes yes
The option “StrictModes” specifies whether ssh should check user’s permissions in their home directory and rhosts files before accepting login. This option must always be set to “yes” because sometimes users may accidentally leave their directory or files world-writable.
X11Forwarding no
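One way to check an sshd_config file against the values recommended above, as an added example that is not part of the original page. The function names and the sample text are constructed for illustration, and the parser assumes sshd's documented behaviour that keywords are case-insensitive and the first value given for a keyword is the one used.

```python
# Added example: audit sshd_config text against the values this page recommends.
# EXPECTED contains only settings stated on the page; SAMPLE is constructed.
EXPECTED = {
    "permitrootlogin": "no", "permitemptypasswords": "no",
    "ignorerhosts": "yes", "ignoreuserknownhosts": "yes",
    "strictmodes": "yes", "x11forwarding": "no",
    "rhostsauthentication": "no", "rhostsrsaauthentication": "no",
}
WILDCARDS = {"0.0.0.0", "::"}  # listen on every interface

def parse_sshd_config(text):
    """Return {lowercased keyword: [values in file order]} for the global section."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        if parts[0].lower() == "match":
            break  # conditional blocks are out of scope for this check
        settings.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return a list of findings; an empty list means the text matches the page."""
    settings = parse_sshd_config(text)
    findings = []
    for key, want in EXPECTED.items():
        values = settings.get(key)
        if values is None:
            findings.append(f"{key}: not set, daemon default applies")
        elif values[0].lower() != want:  # first occurrence wins, later lines are ignored
            findings.append(f"{key}: effective value {values[0]!r}, page recommends {want!r}")
    listen = settings.get("listenaddress", [])
    if not listen or WILDCARDS & set(listen):
        findings.append("listenaddress: daemon listens on all addresses")
    return findings

SAMPLE = """\
# constructed sample, not a real host's configuration
ListenAddress 0.0.0.0
permitrootlogin yes
PermitRootLogin no
IgnoreRhosts yes
StrictModes no
PermitEmptyPasswords no
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The sample shows why order matters: the later “PermitRootLogin no” does not override the earlier “permitrootlogin yes”, so root login is still reported as enabled.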
