Home > Articles > Operating Systems, Server > Solaris

  • Print
  • + Share This
Like this article? We recommend

Appendix A

Example server configuration

#
#    Example sshd_config with recommended server defaults.
#
# Protocol two for security
Protocol 2
# Only if legacy clients are an issue
# If legacy SSH version one support is turned on, there are other
# configuration options to consider. Consult the sshd(8) manpage.
#Protocol 2,1
#
# If your jurisdiction requires a banner
#Banner /etc/issue
#
# Allow encrypted tunnels for insecure protocols
AllowTCPForwarding yes
GatewayPorts no
X11Forwarding yes
X11DisplayOffset 10
XAuthLocation /usr/X/bin/xauth
#
KeepAlive yes
#
# Turn on for BSM auditing. Feature is not compatible with X forwarding.
# Do NOT turn on with a version of OpenSSH previous to 3.0.2 due a 
local root exploit.
UseLogin no
#
# Allow sftp access.
Subsystem    sftp  /opt/OBSDssh/libexec/sftp-server
#
# Authentication methods
# Do not allow weak rhosts style authentication
HostbasedAuthentication no
RhostsAuthentication no
IgnoreRhosts yes
# Do not allow empty passwords
PermitEmptyPasswords no
# Force users to su to root
PermitRootLogin no
# If machine lives on the Internet, public key only
PasswordAuthentication no
PubkeyAuthentication yes
# Sixty seconds to login
LoginGraceTime 60
#
# User management details
# Login shell should check for email and display Message Of The Day
CheckMail no
PrintMotd no
PrintLastLog yes
# Prevent tampering of user's ~/.ssh due to poor permissions
StrictModes yes
#
#
# Legacy Protocol one options
# Use only if supporting legacy clients
#KeyRegenerationInterval 1800
#ServerKeyBits 768
#RSAAuthentication yes
#RhostsRSAAuthentication no

Example client configuration

#
#    Example ~/.ssh/config with recommended user defaults.
#
# standard host with a nickname
Host foo
HostName foo.eng.acme.com
#
# standard host with a port forwarded
Host test
HostName test.corp.acme.com
# Allow HTTP access to the corporate internal server
LocalForward 8080 http://www.corp.acme.com:80
#
# Host with only legacy SSH1 support
Host legacy
HostName legacy.acme.com
Protocol 1
User oldtimer
#
# Global defaults
Host *
# Only allow SSH version two protocol except where specifically listed.
Protocol 2
# After three connection attempts give up
ConnectionAttempts 3
# Allow X display forwarding
ForwardX11 yes
# Do not allow other hosts to connect to forwarded ports
GatewayPorts no
# Check if host key has changed due to DNS spoofing
CheckHostIP yes
# Never use the insecure rsh
FallBackToRsh no
# If encountering a new host, ask about accepting the host key
StrictHostKeyChecking ask
# Solaris location of xauth
XAuthLocation /usr/X/bin/xauth
# Detect if unable to connect to the server temporarily
KeepAlive yes

  • + Share This
  • 🔖 Save To Your Account