| Setting | Set To | Reason |
| --- | --- | --- |
| Port | 22 | This is the port that the sshd server will listen on for connections |
| Protocol | 2 | This specifies that the server will only "talk" using ssh protocol 2 |
| PermitRootLogin | no | Disallows root logins over ssh |
| IgnoreRhosts | yes | Disallows use of .rhosts or .shosts files |
| StrictModes | yes | This checks file modes and ownership of the user's files and home directory before accepting login |
| X11Forwarding | no | Disallows X11 forwarding |
| RhostsRSAAuthentication | no | Disallows use of .rhosts or /etc/hosts.equiv |
| HostbasedAuthentication | no | Disallows use of .rhosts or /etc/hosts.equiv |
| PermitEmptyPasswords | no | Does not allow users who have empty passwords to log in |
| Ciphers | blowfish-cbc,aes256-cbc,aes256-ctr | Only use the strong encryption schemes |
| AllowUsers | bob jane andrew | You can use this option to explicitly specify which users can actually use the sshd server |
| DenyUsers | daemon bin sync adm lp shutdown halt mail news uucp nobody operator squid postgres gopher postfix xfs | Deny all system accounts and any other users who you may not want to have access |
| PasswordAuthentication | yes/no | If you set this option to "no" then the only way a user will be able to log in will be via x509 certificates |
| Compression | yes/no | This might give a performance boost. Test and see. |
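
An added example, not part of the original page: a small Python audit that compares the global section of an sshd_config with the values in the table and reports each keyword that differs or is unset. The names `RECOMMENDED`, `parse_global` and `audit`, and the sample configuration, are constructed for illustration.

```python
# Values from the table; its "yes/no" rows and the AllowUsers/DenyUsers lists are skipped.
RECOMMENDED = {
    "port": "22", "protocol": "2", "permitrootlogin": "no",
    "ignorerhosts": "yes", "strictmodes": "yes", "x11forwarding": "no",
    "rhostsrsaauthentication": "no", "hostbasedauthentication": "no",
    "permitemptypasswords": "no", "ciphers": "blowfish-cbc,aes256-cbc,aes256-ctr",
}

SAMPLE = """\
# constructed sample, not a real server's configuration
Port 22
Protocol 2
PermitRootLogin no
permitrootlogin yes
IgnoreRhosts yes
X11Forwarding yes
PermitEmptyPasswords no
Match User bob
    X11Forwarding no
"""

def parse_global(text):
    """Collect keyword -> [values] from the global section (before any Match)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()   # keywords are case-insensitive
        if key == "match":       # Match blocks are conditional overrides, not globals
            break
        settings.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return (keyword, expected, found) per deviation; found is None when unset."""
    found, findings = parse_global(text), []
    for key, want in RECOMMENDED.items():
        values = found.get(key, [])
        # sshd uses the first value it reads; Port may repeat, so check every one
        effective = values if key == "port" else values[:1]
        if not effective:
            findings.append((key, want, None))
        elif any(v != want for v in effective):
            findings.append((key, want, " ".join(effective)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An unset keyword is reported rather than assumed to match, because the effective value then depends on the defaults of the installed sshd. Recent OpenSSH releases treat Protocol and RhostsRSAAuthentication as deprecated, so an unset finding for those two on a current server is expected.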