We recommend ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256. Key exchange algorithms are selected by the KexAlgorithms option. A good value is ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ss/ssh/sshd_config/ h-dss. Host key algorithms are selected by the HostKeyAlgorithms option. This should also provide good interoperability. A good value is aes128-ctr,aes192-ctr,aes256-ctr. Symmetric algorithms for encrypting the bulk of transferred data are configured using the Ciphers option. Larger enterprises, or others wanting to run a tight security policy for certain servers, may want to configure the following configuration options. X11Forwarding yes AllowAgentForwarding yes PermitRootLogin yes Common configuration changes for the enterprise For important systems even such organizations should follow the guidelines for configuring enterprise servers. For such use, we recommend the following settings for homes, development servers, and universities. Many individual developers and power users wish to maximize their convenience rather than go for maximum security. Common configuration options for individual use It may also refer to a number of other files. The sshd_config file specifies the locations of one or more host key files (mandatory) and the location of authorized_keys files for users. The SSH server actually reads several configuration files. Contents Relationship of configuration files Common configuration options for individual use Common configuration changes for the enterprise Cryptographic policy Verbose logging AuthorizedKeysFile location Root login Login banner Port forwarding Certificate-based authentication Detailed sshd_config file format Relationship of configuration files
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |