Previous | Next Table of Contents

NetBSD Security Processes and Services: Configuring Secure Shell

NetBSD ships with a Secure Shell implementation based on OpenBSD's. The default configuration of Secure Shell is done quite well, and there is little an administrator needs to actually do in most cases. Turning on the Secure Shell daemon is required, however. For posterity, we are going to take a short look at configuring it.

The Client Side Configuration File (top)

The ssh client's configuration file is located in /etc/ssh/ssh_config. The options contained in it are named intuitively and are rather verbose. Documentation can be found in the ssh_config(5) manpage.

The Server Configuration File (top)

The server side of SSH is configured via /etc/ssh/sshd_config. The defaults are set to high security levels by default. To enable the ssh server, put "sshd=yes" into /etc/rc.conf and run "sh /etc/rc.d/sshd restart" to start the server daemon and create any host keys if they are not already present.

One item to take note of is that the server config does not allow X11 forwarding by default, which of course on a firewall is a good thing. To enable it the administrator must change the following lines: 

StrictModes no
X11Forwarding yes

Again, there is little to nothing the administrator needs to do with the Secure Shell setup unless they wish to alter the default config.

Previous | Next Table of Contents
Home page
Documentation top level
(Contact us) $NetBSD: config_ssh.html,v 1.12 2005/09/28 17:24:21 mishka Exp $
Copyright © 1994-2005 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
NetBSD® is a registered trademark of The NetBSD Foundation, Inc.