Re: need an efficient and secure sshd_config

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 14 Jul 2009 11:05:20 -0600
Remo Mattei <remo-dated-1248023133.666171@xxxxxxxxxx> wrote:

> ClientAliveInterval <time interval in seconds>
> ClientAliveCountMax 0
> 
> That should do for the time settings :)
> 
> Remo


Thanks a lot Remo.
Hope you don't mind if I insist on you to also show how to set the sshd deamon so that 

1> it forces the client to follow compression
2> Suppress the host and IP information on client side

Is there any such time settings possible on host side ( in ssh_conf ? )

Wish you a nice time.


> 
> 
> On 7/14/09 9:55 AM, "J. Bakshi" <bakshi12@xxxxxxxxx> wrote:
> 
> > On Mon, 13 Jul 2009 10:00:52 +0200
> > matteo filippetto <matteo.filippetto@xxxxxxxxx> wrote:
> > 
> >> 2009/7/12 J. Bakshi <bakshi12@xxxxxxxxx>:
> >>> Dear list,
> >>> 
> >>> I am running openssh-server __1:5.1p1-5+b1 on a remote debian box.
> >>> There are a no. of online docs on sshd configuration. I am afraid
> >>> to say that even reading a no. of such tutorial I am still
> >>> confused. I am looking for a sshd_config file which is both
> >>> strict about security as well as efficient to control its client.
> >>> Like it should force the client to have compression, it should
> >>> survive with poor internet, and other good features which can
> >>> make it a good ssh server.
> >>> 
> >>> Could any one please suggest such sshd_config ?
> >>> 
> >>> Here is mine
> >>> 
> >>> ```````````````
> >>> Port 47015
> >>> Protocol 2
> >>> PermitRootLogin no
> >>> PasswordAuthentication no
> >>> UsePAM yes
> >>> X11Forwarding no
> >>> ``````````
> >>> 
> >>> thanks
> >>> 
> >> 
> >> Hi,
> >> 
> >> maybe you can read this discussion
> >> 
> >> http://www.governmentsecurity.org/forum/index.php?showtopic=6051
> >> 
> >> and for sure take a lokk to the official documentation
> >> 
> >> http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5
> >> 
> >> Bye
> >> 
> > 
> > Thanks for your response but I have not found yet what I'm looking
> > for. I need the configuration which actually suppress the hostname
> > and the domain/IP on client side. client will only be prompted for
> > password. The second thing the sshd should allow the client to be
> > connected even half an hour with out executing any command. Any
> > such configuration in openssh ?
> > 
> > Thanks
> > 
> > !DSPAM:4a5cb7a6195119363919659!
> > 
> 

[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux