Sort out your SSH configs

Secure Server

Clients Come First

Because I'm not moving credit card data or anything really sensitive between server and client on my SSH sessions, I am more than comfortable reducing the level of encryption slightly to ensure faster network access. I don't make this change in the /etc/ssh/sshd_config server config file but in the /etc/ssh/ssh_config client file on my workstation and laptop.

Note that the client file's name lacks the letter d that the daemon's config file carries. I append these lines to the foot of that file:

Compression yes
Cipher blowfish
Ciphers blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc

For once, you don't have to restart the server; just launch a new session to make sure it works. These lines should speed up your console sessions on slow connections, such as when using dial-up or GPRS when you're on the move.
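The following is an added example, not code from the article: a POSIX shell check that reports which ciphers on a Ciphers line a client does not support and whether the protocol 1 Cipher keyword is still in the file. The function names, the sample file, and the supported-cipher list are constructed for illustration; on a real host the list comes from `ssh -Q cipher`.

```shell
#!/bin/sh
# Added example (not from the article): compare the Cipher/Ciphers lines of an
# ssh_config file with the ciphers a client supports. All names are illustrative.

# Print every cipher named on a "Ciphers" line of file $1, one per line.
config_ciphers() {
    awk '
        { sub(/^[ \t]+/, "") }              # drop leading indentation
        tolower($0) ~ /^ciphers[ \t=]/ {
            sub(/^[^ \t=]+[ \t=]+/, "")     # strip the keyword and separator
            gsub(/[ \t"]/, "")              # strip blanks and quotes
            sub(/^[-+^]/, "")               # strip a +, - or ^ list modifier
            n = split($0, c, ",")
            for (i = 1; i <= n; i++) if (c[i] != "") print c[i]
        }' "$1"
}

# Print the ciphers from file $1 that are absent from list $2 (one per line).
unsupported_ciphers() {
    config_ciphers "$1" | while read -r c; do
        printf '%s\n' "$2" | grep -qxF -- "$c" || printf '%s\n' "$c"
    done
}

# Succeed if file $1 carries the singular, protocol 1 "Cipher" keyword.
has_v1_cipher() {
    grep -Eiq '^[[:space:]]*cipher[[:space:]=]' "$1"
}

# Constructed sample: the lines the article appends, Ciphers on one line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Compression yes
Cipher blowfish
Ciphers blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
EOF

# Constructed stand-in for the client list; on a real host: supported=$(ssh -Q cipher)
supported='3des-cbc aes128-cbc aes192-cbc aes256-cbc aes128-ctr aes192-ctr aes256-ctr'
supported=$(printf '%s\n' $supported)

echo "Ciphers this client does not support:"
unsupported_ciphers "$sample" "$supported"
has_v1_cipher "$sample" && echo "Protocol 1 Cipher keyword is present"
```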

Conclusion

In this article, I have barely scratched the surface of SSH's capabilities, and I haven't even looked at certificate-based logins for automation, powerful port forwarding, X11 forwarding, and the numerous other highly useful features, such as two-step authentication.

Even when using an almost out-of-the-box install, it's easy to see why SSH is a stalwart of the Internet today. I hope this insight will inspire newcomers to delve deeper into some of its other useful features.
