Re: need an efficient and secure sshd_config



On Tue, 14 Jul 2009 11:05:20 -0600
Remo Mattei <remo-dated-1248023133.666171@xxxxxxxxxx> wrote:

ClientAliveInterval <time interval in seconds>
ClientAliveCountMax 0

That should do for the time settings :)

Remo


Thanks a lot Remo.
Hope you don't mind if I insist on you to also show how to set the sshd deamon so that

1> it forces the client to follow compression
2> Suppress the host and IP information on client side

Is there any such time settings possible on host side ( in ssh_conf ? )

Wish you a nice time.




On 7/14/09 9:55 AM, "J. Bakshi" <bakshi12@xxxxxxxxx> wrote:

On Mon, 13 Jul 2009 10:00:52 +0200
matteo filippetto <matteo.filippetto@xxxxxxxxx> wrote:

2009/7/12 J. Bakshi <bakshi12@xxxxxxxxx>:
Dear list,

I am running openssh-server __1:5.1p1-5+b1 on a remote debian box.
There are a no. of online docs on sshd configuration. I am afraid
to say that even reading a no. of such tutorial I am still
confused. I am looking for a sshd_config file which is both
strict about security as well as efficient to control its client.
Like it should force the client to have compression, it should
survive with poor internet, and other good features which can
make it a good ssh server.

Could any one please suggest such sshd_config ?

Here is mine

```````````````
Port 47015
Protocol 2
PermitRootLogin no
PasswordAuthentication no
UsePAM yes
X11Forwarding no
``````````

thanks


Hi,

maybe you can read this discussion

http://www.governmentsecurity.org/forum/index.php?showtopic=6051

and for sure take a lokk to the official documentation

http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5

Bye


Thanks for your response but I have not found yet what I'm looking
for. I need the configuration which actually suppress the hostname
and the domain/IP on client side. client will only be prompted for
password. The second thing the sshd should allow the client to be
connected even half an hour with out executing any command. Any
such configuration in openssh ?

Thanks

!DSPAM:4a5cb7a6195119363919659!