Setup guide

also accessible at /etc/sshd_config because /etc is a symbolic link to

/private/etc). To implement recommended settings:

1. Open /private/etc/sshd_config.

2. Locate the “Authentication” section.

3. To disable root login via SSH (forcing the administrator to use su or sudo

to obtain root privileges), change the PermitRootLogin line to:

PermitRootLogin no

4. To have the SSH server ensure that permissions on users’ files and

directories are correct before allowing the connection, change the

StrictModes line to:

StrictModes yes

5. By default, SSH allows normal user accounts to login. If it is appropriate

to allow only certain users to log in via SSH (e.g. user1, user2, and user3),

add the following line to the file:

AllowUsers user1 user2 user3

6. Alternatively, if it is appropriate to allow all users to login via SSH but

deny a few, add the line:

DenyUsers user1 user2 user3

7. Apple’s default configuration file specifies that only version 2 of the SSH

protcol is supported. Using only version 2 is strongly recommended, so

check that the following line exists in your installation:

Protocol 2

4.10 Exporting File Systems

Mac OS X Server offers the ability to share files with other computers on the

network. Apple's Mac OS X Server File Services Administration guide describes this

capability and its configuration.

First, file sharing services should be disabled if the system is not to act as a file

server. Second, if the system is to act as a file server, file sharing protocols must be

chosen and configured for the directories to be shared, which are called “share

points.” The current protocol choices are Apple File Protocol (AFP), Network File

UNCLASSIFIED