Configuring the Secure Shell
Configuration is the the technical implementation of the local security policy. When setting the policy, management decided the level of protection needed for machines and data. Now you must implement their decisions when configuring Secure Shell. Secure Shell has a variety of options, some of which may not be appropriate to your local situation. Configure according to your policy. Again, if you do not have a security policy, it is important to establish one.
In configuring Secure Shell, keep in mind two principles:
Let no single point of configuration or defense be the only gatekeeper for security.
Plan on failure
Secure Shell can, and should, be configured at multiple points (build-time, server configuration, and client configuration). No single misconfiguration should completely break the system security.
Example client and server configurations can be found in "Scripts and Configuration Files" on page 159. Consult the appendixes on server and client configuration options for information on individual options. Also refer to vendor documentation because the appendixes are not all encompassing. OpenSSH exists in a particularly fluid state with new options occasionally appearing.
In order of precedence, Secure Shell configuration occurs at the following places: the software build-time, the server command-line options, the server configuration file (sshd_config), the client command-line options, the user client configuration file (~/.ssh/config), and the global client configuration file (ssh_config). Build-time configuration is the strongest. It cannot be changed without rebuilding the software. This makes it inconvenient if a change is needed.
The server configuration involves the following: how the sshd(1M) daemon will present itself on the network, what protocols and authentication methods are acceptable, and how the user environment is constructed. The client configuration involves the following: determining which server to transact with which protocol, verifying the server identity, determining the user identity presentation, and choosing the ease-of-use features. Policy details are implemented on the server side. The client cannot override or provide a feature that the server does not offer.
The available features can be enabled or disabled by either command-line options or the applicable configuration file. Command-line options apply to a particular instantiation of either the server or client. Configuration file options are persistent until the file is altered and a new instantiation started. The most reliable configuration method uses the configuration file. This gives a repeatable, reproducible invocation. Changes can also be tracked by using source control. For information on command-line options, consult the vendor documentation.