Configuring SSH Server
As CP+ admin, you can configure SSH Server. These settings will affect user SSH configuration.
To set up SSH Server, log in as admin and select SSH Server
in the System Monitor section of the left-side menu. You will see the following options to choose from:
This module allows you to configure various options for the SSH server installed on your system,
as well as option used when an SSH client makes a connection from your machine to another server. After making any server
option changes, make sure to click the Apply Changes button at the bottom of the page for the changes to take effect.
Authentication
This page is for configuring authentication-related options for your SSH server.
To set up authentication options, click the Authentication icon on the SSH Server page. Fill the form that shows by choosing necessary options:
Some of the displayed options are :
- Allow authentication by password: with this option set to 'Yes', the user will be allowed to enter a password for authentication.
- Allow RSA authentication?: SSH can be setup to use RSA keys for authentication instead of the normal username and password
used by telnet. If this is set to 'No', users will always need to enter their password.
If this is set to 'Yes', users can log into a remote server without having to enter a password each time.
- Check permissions on key files?: If set to 'Yes', the SSH server will check each user's .ssh directory and
any parent directories to make sure they are not group writable, and the .ssh/identity file to make sure it is not readable by anyone else.
If set to No, no checking of file permissions will be done.
Click Save to preserve changes.
Networking
This page allows configuring networking options for the SSH server.
To set up networking options, click the Networking icon on the SSH Server page. On the page that shows:
Some of the displayed options are:
- Disconnect if client has crashed?: If set to Yes, the SSH server will periodically check to see if the
client is still alive. If not (because of a network error or client machine crash) it will be disconnected.
- Allow TCP forwarding?: If this option is set, users can tunnel TCP connections from client
machines to machines on the server's network, and also allow connections back from the server to machines on the client network.
Choose other necessary options: addresses and ports to listen on, allowed protocols and etc. Click Save.
Access Control
To configure it, click the Access Control icon on the SSH Server page. On the page that shows:
Fill the form that shows by choosing necessary options: addresses and ports to listen on, allowed protocols and etc. Click Save.
Miscellaneous Options
This page contains options that don't fit into any of the other categories. This option allows to configure different options it.
Click the Miscellaneous Options icon on the SSH Server page and fill the page that shows:
Some of the displayed options are:
- Allow X11 connection forwarding?: with this option set to 'Yes', users making an SSH login from a Unix machine will be
able to run X applications on the server and have the X connection tunnelled back through the SSH connection to their local display.
- System log facility: choose the syslog facility that is used to log error and information messages from the SSH server.
- Server key regeneration interval: set how often the SSH server re-generated the key used for encrypting
connections. If you are cautious about security, set this to a lower number.
If necessary, set other options and click Save.
Client Host Options
This page displays hosts and host patterns for which SSH client options have been defined.
By default, defined are the options that apply to all client hosts. If necessary, you can create additional sets of options
in order to control how users login to other specific servers.
To configure client options for SSH host:
- Click the Client Host Options icon on the SSH Server page.
- On the page that shows click Add options for client host, it will open the following page:
Some of the displayed options are:
- Login as user: if no username is given on the ssh command line, the name of the current user is used to login to the remote SSH server.
However, this option can be used to specify a different default username for a particular host or hosts.
- Escape character: when making an interactive SSH login, the escape character can be used
to break out of the connection and close or suspend it.
- Compress SSH traffic?: With this option enabled, the SSH client will compress all data sent to this host with the gzip algorithm.
This can be useful if you are copying large files with scp over a slow link.
- Local ports to forward to server: here you can enter local port numbers which will be forwarded to some host and port by the SSH server.
This can be useful if you access to some machine on some network via SSH login, and you want to access other services like web or POP servers.
- Server ports to forward to local: in this table you can enter port numbers on the server which will be
forwarded to some host and port on the client machine's network.
- Set other options, if necessary, and click Save.
To remove this option, click the Delete button.
User SSH Key Setup
This page allows to configure the automatic setup of SSH for new Unix users created on your system.
If configured, new users will not have to run ssh-keygen before using SSH.
To configure it, click the user SSH Key Setup icon on the SSH Server page and choose necessary options on the page that shows:
- Check Setup SSH key for new Unix users and select either of the below options:
- Copy new identify.pub to authorized_keys.
- Use password as key passphrase.
- Click Save.
|
