Home > Articles > Operating Systems, Server > Solaris

  • Print
  • + Share This
Like this article? We recommend

Like this article? We recommend

Appendix: Configuration Files

This section contains examples of server and client configuration files.

Server Configuration Files

This section contains examples of server configuration files that you can use in your environment.

DMZ-Bastion Host Server

The following is an example of the DMZ-bastion host server Secure Shell configuration file:

# Protocol and server operation
Compression yes
KeepAlive yes
MaxStartups 10
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
Protocol 2
Port 22
# If using OpenSSH
UseLogin no
UsePrivilegeSeparation no

# Authentication
# Only allow public key based authentication. No passwords.
DSAAuthentication yes
LoginGraceTime 60
PAMAuthenticationViaKBDInt yes
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
PubKeyAuthentication yes

# User environment
AllowTCPForwarding no
Banner /etc/issue
CheckMail no
GatewayPorts no
PrintMotd no
StrictModes yes
X11Forwarding no

Legacy Support

The following is an example of the Secure Shell server configuration file with legacy support.

# Protocol and server operation
Compression yes
KeepAlive yes
MaxStartups 10
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Enable protocol 1 but default to protocol 2.
Protocol 2,1
Port 22
# If using OpenSSH
UseLogin no
UsePrivilegeSeparation no

# Authentication
DSAAuthentication yes
LoginGraceTime 60
PAMAuthenticationViaKBDInt yes
PasswordAuthentication yes
PermitEmptyPasswords no
PermitRootLogin no
PubKeyAuthentication yes

# User environment
AllowTCPForwarding yes
Banner /etc/issue
CheckMail no
GatewayPorts no
PrintMotd no
StrictModes yes
X11DisplayOffset 10
X11Forwarding yes
XAuthLocation /usr/X/bin/xauth

# Legacy support options - protocol 1
HostKey /etc/ssh/ssh_host_key
IgnoreRhosts yes
IgnoreUserKnownHosts yes
KeyRegenerationInterval 1800
RhostsAuthentication no
RhostsRSAAuthentication no

Workstation Server

The following is an example of the Secure Shell workstation server configuration file:

# Protocol and server operation
Compression yes
KeepAlive yes
MaxStartups 10
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
Protocol 2
Port 22
# If using OpenSSH
UseLogin no
UsePrivilegeSeparation no

# Authentication
DSAAuthentication yes
LoginGraceTime 60
PAMAuthenticationViaKBDInt yes
PasswordAuthentication yes
PermitEmptyPasswords no
PermitRootLogin no
PubKeyAuthentication yes

# User environment
AllowTCPForwarding yes
Banner /etc/issue
CheckMail no
GatewayPorts no
PrintMotd no
StrictModes yes
X11DisplayOffset 10
X11Forwarding yes
XAuthLocation /usr/X/bin/xauth

Client Configurations

This section contains examples of the client configuration files for remote workers and client workstations.

Remote Worker Configuration File

The following is an example of the Secure Shell user configuration file for remote workers.

# nickname for bastion host
Host work
  Hostname dmz.someplace.com
  Port 2929
  User max

# Defaults - must login via an identity key using only protocol 2.
Host *
  CheckHostIP yes
  Compression yes
  CompressionLevel 9
  ConnectionAttempts 3
  DSAAuthentication yes
  FallBackToRsh no
  ForwardAgent no
  ForwardX11 yes
  GatewayPorts no
  KeepAlive yes
  LocalForward 8080 intranet.extremefoosticks.com:80
  PasswordAuthentication no
  Protocol 2
  PubkeyAuthentication yes
  RhostsAuthentication no
  RhostsRSAAuthentication no
  RSAAuthentication no
  StrictHostKeyChecking yes
  UsePriviledgedPort no
  UseRsh no
  XAuthLocation /usr/X/bin/xauth

Workstation Configuration File

The following is an example of the Secure Shell user configuration file for a workstation.

# nickname for remote server
Host server
  HostName server.faroff.corp

# remote host needing a network proxy to access.
Host remote
  HostName remote.otherplace.org
  User pablo
  ProxyCommand /usr/lib/ssh/ssh-socks5-proxy-connect -h socks.server
-p 1080 remote.otherplace.org 22

# Defaults
Host *
  CheckHostIP yes
  Compression yes
  CompressionLevel 6
  FallBackToRsh no
  ForwardAgent no
  ForwardX11 yes
  GatewayPorts no
  KeepAlive yes
  PasswordAuthentication yes
  Protocol 2
  StrictHostKeyChecking ask
  UseRsh no
  XAuthLocation /usr/X/bin/xauth
  • + Share This
  • 🔖 Save To Your Account