Sort out your SSH configs

Secure Server

Clients Come First

Because I'm not moving credit card data or anything really sensitive between server and client on my SSH sessions, I am more than comfortable reducing the level of encryption slightly to ensure faster network access. I don't make this change in the /etc/ssh/sshd_server config file but in the /etc/ssh/ssh_config client file on my workstation and laptop.

Note that the daemon filename lacks the usual letter d in this case. I append these lines to the foot of that file:

Compression yes
Cipher blowfish
Ciphers blowfish-cbc,aes128-cbc,3des-cbc,\
  cast128-cbc,arcfour,aes192-cbc,aes256-cbc

For once, you don't have to restart the server; just launch a new session to make sure it works. These lines should speed up your console sessions on slow connections, such as when using dial-up or GPRS when you're on the move.

Conclusion

In this article, I have barely scratched the surface of SSH's capabilities, and I haven't even looked at certificate-based logins for automation, powerful port forwarding, X11 forwarding, and the numerous other highly useful features, such as two-step authentication.

Even when using an almost out-of-the-box install, it's easy to see why SSH is a stalwart of the Internet today. I hope this insight will inspire newcomers to delve deeper into some of its other useful features.

Infos

"TCP Wrappers" by Chris Binnie, ADMIN , issue 12, Feb/March 2013, pg. 92, http://www.admin-magazine.com/Articles/Secure-Your-Server-with-TCP-Wrappers

« Previous 1 2 3

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES

Print Issues

Digital Issues

SUBSCRIPTIONS

Print Subs

Digisubs

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia