Configure Additional Options Described In Documentation
General Information
Additional SSH options.
Lab Setup
The following virtual machines will be used:
- server1.example.com (192.168.1.150) → The SSH client
- server2.example.com (192.168.1.151) → The SSH server
Initial Setup
Install the package, which generates the system keys (it should almost always be installed already)
yum install openssh-server
- openssl is a dependency
Enable and start sshd
systemctl enable sshd
systemctl start sshd
Allow SSH through the firewall
firewall-cmd --permanent --add-service=ssh
firewall-cmd --reload
SSHD Config File
- SSH Daemon config file: /etc/ssh/sshd_config
- Configure additional options here
- See man sshd_config
Some useful options
- Port → TCP listening port for sshd
- PermitRootLogin → Allow/disallow root login
- MaxAuthTries → Number of authentication tries. Once half this number is reached, further failures are logged.
- MaxSessions → Max number of ssh sessions from one IP address
- AllowUsers → Space-separated list of users allowed to connect
- DenyUsers → Space-separated list of users to deny connections
- PasswordAuthentication → Whether to allow password authentication or not.
- GSSAPIAuthentication → Whether authentication through GSSAPI is enabled or disabled. Used for Kerberos.
- ClientAliveInterval → Interval, in seconds, at which packets are sent to the client to see if it is still alive.
- ClientAliveCountMax → Number of client alive packets to send.
- UseDNS → When on, use a DNS name lookup to match an incoming IP address to a name.
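
The following is an added example, not part of the original notes: a small shell audit that reads the effective global value of single-valued options from the list above and works out the idle-client timeout from ClientAliveInterval and ClientAliveCountMax. The function names, the baseline values and the sample config are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example. sshd uses the first value it obtains for a keyword, and
# keyword names are case-insensitive. Include files and the contents of
# Match blocks are not handled here.

# sshd_effective FILE KEYWORD: print the first global value, or nothing.
sshd_effective() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(want) { print $2; exit }
    ' "$1"
}

# sshd_idle_timeout FILE: seconds until an unresponsive client is dropped,
# ClientAliveInterval x ClientAliveCountMax. 0 means the check is off.
sshd_idle_timeout() {
    interval=$(sshd_effective "$1" ClientAliveInterval)
    count=$(sshd_effective "$1" ClientAliveCountMax)
    # OpenSSH defaults when a keyword is absent: interval 0, count 3
    echo $(( ${interval:-0} * ${count:-3} ))
}

# sshd_audit FILE: print one line per deviation from a baseline.
# The baseline values are an assumption of this example.
sshd_audit() {
    for pair in PermitRootLogin=no PasswordAuthentication=no; do
        key=${pair%%=*}
        expected=${pair#*=}
        actual=$(sshd_effective "$1" "$key")
        [ "$actual" = "$expected" ] ||
            echo "$key: expected '$expected', found '${actual:-unset}'"
    done
}

# Constructed sample config, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
permitrootlogin yes
PasswordAuthentication yes
ClientAliveInterval 300
ClientAliveCountMax 2
Match User backup
    PasswordAuthentication no
EOF
sshd_effective "$sample" PermitRootLogin
sshd_idle_timeout "$sample"
sshd_audit "$sample"
```

On the server itself, sshd -T prints the effective configuration, including defaults, and sshd -t checks the file for errors before the service is restarted.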