SoHo - SSH

Configure SSH daemon parameters in /etc/ssh/sshd_config.

SSH protocol version 1 is insecure; disable it by allowing only version 2:

Protocol 2

Prevent SSH connections to the server from freezing due to TCP inactivity:

ClientAliveInterval 10
ClientAliveCountMax 3
TCPKeepAlive yes

GSSAPI can make ssh hang, so disable it:

GSSAPIAuthentication no

Set a few other handy parameters:

X11Forwarding yes
Compression yes

Using DNS to resolve the host address back to a name and comparing it to the original name significantly slows down login; disable it:

UseDNS no

Use only RSA SSH host keys of 2048 bits or more. Enable the RSA host key and disable the DSA host key:

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

Regenerate the RSA host key, leaving the passphrase empty when prompted:

ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key
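
One way to check an existing sshd_config against the settings recommended above, as an added example that is not part of the original page. The EXPECTED table, the function names and the sample file are constructed here; the script relies on sshd using the first value it reads for a keyword, looks only at the global section before any Match block, and does not follow Include directives.

```python
# Settings this page recommends (keyword lower-cased -> expected value).
EXPECTED = {"protocol": "2", "clientaliveinterval": "10", "clientalivecountmax": "3",
            "tcpkeepalive": "yes", "gssapiauthentication": "no", "usedns": "no"}

# Constructed sample input, not taken from a real host.
SAMPLE = """\
Protocol 2
usedns yes
ClientAliveInterval 10
ClientAliveCountMax 3
TCPKeepAlive yes
UseDNS no
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
Match User backup
    GSSAPIAuthentication no
"""

def parse_global(text):
    """Collect keyword -> list of values, stopping at the first Match block."""
    seen = {}
    for raw in text.splitlines():
        fields = raw.split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue                     # blank line or comment
        key = fields[0].lower()          # keywords are case-insensitive
        if key == "match":
            break                        # Match blocks are conditional, not global
        seen.setdefault(key, []).append(fields[1].strip() if len(fields) > 1 else "")
    return seen

def audit(text):
    """Return a list of findings; an empty list means the file matches the page."""
    cfg, findings = parse_global(text), []
    for key, want in EXPECTED.items():
        values = cfg.get(key)
        if values is None:
            findings.append(f"{key}: not set globally, page recommends {want}")
        elif values[0].lower() != want:  # sshd keeps the first value it reads
            findings.append(f"{key}: effective value is {values[0]}, page recommends {want}")
    hostkeys = cfg.get("hostkey", [])    # HostKey may legitimately repeat
    if "/etc/ssh/ssh_host_rsa_key" not in hostkeys:
        findings.append("hostkey: RSA host key not enabled")
    findings += [f"hostkey: DSA key enabled: {p}" for p in hostkeys if p.endswith("_dsa_key")]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "OK")
```

In the sample, the later "UseDNS no" has no effect because "usedns yes" appears first, and the GSSAPI line applies only inside the Match block, so both are reported.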
