infosec:ssh_config
Configuration du client SSH
Présentation des options du fichier de configuration du client ssh.
Localisation du fichier de configuration :
- Fichier de configuration global du système :
/etc/ssh/ssh_config
c'est dans ce répertoire que l'on trouvera entre autre le fichier de configuration ssh_config.
- Fichier de configuration par utilisateur :
$HOME/.ssh/ssh_config
c'est dans ce répertoire que l'on trouvera les jeux ce clef publiques/privés de l'utilisateur.
Fichier de configuration du client SSH
http://manpages.ubuntu.com/manpages/precise/man5/ssh_config.5.html
Exemple de fichier de configuration commenté :
- ssh_config
# # /etc/ssh/ssh_config # ############################################################## # # # @category ssh config file ubuntu desktop 14.04 LTS # @package openssh # @author infosec @ mdl29.net # @copyright 2016 - choucroutage.com # @license Attribution 4.0 International # @version 1.1 # @since 1.0 # @deprecated not yet # @link not link yet # @man page http://manpages.ubuntu.com/manpages/precise/man5/ssh_config.5.html # # ############################################################## # # Host * Protocol 2 LogLevel VERBOSE # Change port from defaut # # port change. root port are below 1024 Port 63728 # # ############################################################## # # identification of host # Verify IP of host is in the known_hosts file # # protocol version 2 only. default is no. CheckHostIP yes # Disable remote host based auth # # protocol version 2 only. default is no. # allows hosts to authenticate on behalf of all or some of the system's users HostbasedAuthentication no StrictHostKeyChecking ask HashKnownHosts yes # # ############################################################## # # tunnel negotiation # Auth # PasswordAuthentication yes PubkeyAuthentication yes PreferredAuthentications keyboard-interactive,publickey,password # Public key, 'key' # IdentityFile ~/.ssh/this_is_my_key # key exchange algorithms, 'kex' # KexAlgorithms ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256 # Symmetric cipher; 'cipher' # # The chosen algorithm will be the client's preferred algorithm, # the order in /etc/sshd_config is not important. Ciphers aes256-gcm@openssh.com # Message authentication code, 'MAC' # MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com # enable compression # # read the spec. defautl is no. Compression delayed # # ############################################################## # # tunnel parameters # Rekeying # RekeyLimit 3G 1h # timeout # ConnectTimeout 30 # timer # ServerAliveInterval 60 # Max # ServerAliveCountMax 30 SendEnv LANG LC_* # # ############################################################## # # disabling # disable gssapi kerberos # GSSAPIAuthentication no GSSAPIDelegateCredentials no GSSAPIKeyExchange no GSSAPITrustDNS no # Disable any forwarding # ForwardAgent no ForwardX11 no BatchMode no # Disable command trough tunnel # PermitLocalCommand no # AddressFamily any # Tunnel no # TunnelDevice any:any # Disbale command trough tunnel # PermitLocalCommand no # VisualHostKey no # auto proxi # ProxyCommand ssh -q -W %h:%p gateway.example.com # # ############################################################## # # Retro compatibility config ie not your 'main target' # # Disable remote host based auth # # protocol version 1 only. default is no. RhostsRSAAuthentication no # Enable public key auth # # protocol version 1 only. default is yes. RSAAuthentication yes # enable compression # # protocol version 1 only. default is 6. CompressionLevel 6 # # End file # ############################################################## # $HOME/.ssh must be 700 and # authorized_keys readable by the owner only, i.e. mode 600:
Détail des directives :
Directive | Description |
---|---|
host | … |
Protocol | … |
LogLevel | … |
infosec/ssh_config.txt · Dernière modification : 2024/04/16 22:19 de 127.0.0.1