Securities Software (Network Services).Linux OpenSSH Client/Server
The option “X11 Forwarding” specifies whether X11 forwarding should be enabled or not on this
server. Since we setup a server without GUI installed on it, we can safely turn this option off.
PrintMotd yes
The option “PrintMotd” specifies whether the ssh daemon should print the contents of the 7etc/motd” file when a user logs in interactively. The 7etc/motd” file is also known as “the message of the day”.
SyslogFacility AUTH
The option “SyslogFacility” specifies the facility code used when logging messages from sshd.
The facility specifies the subsystem that produced the message-in our case, AUTH.
LogLevel INFO
The option “LogLevel” specifies the level that is used when logging messages from sshd. INFO is
a good choice. See the man page for sshd for more information on other possibilities.
RhostsAuthentication no
The option “RhostsAuthentication” specifies whether sshd can try to use rhosts based
authentication. Because rhosts authentication is insecure you shouldn’t use this option.
RhostsRSAAuthentication no
The option “RhostsRSAAuthentication” specifies whether to try rhosts authentication in concert
with RSA host authentication.
RSAAuthentication yes
The option “RSAAuthentication” specifies whether to try RSA authentication. This option must be set to “yes” for better security in your sessions. RSA use public and private key pairs created with the ssh-keygen1 utility for authentication purposes.
PasswordAuthentication yes
The option “PasswordAuthentication” specifies whether we should use password-based
authentication. For strong security, this option must always be set to “yes”.
PermitEmptyPasswords no
The option “PermitEmptyPasswords” specifies whether the server allows logging in to accounts with a null password. If you intend to use the “scp” utility to make automatic backups over the network, you must set this “option” to “yes”.
Allowilsers admin
The option “AllowUsers” specifies and controls which users can access ssh services. Multiple
users can be specified, separated by spaces.