Manualshelf

User's Manual

ManualsBrandsSolaris ManualsWokSolaris Wok CX-310-301 1
68697071727374757677
Solaris 9 Security CX-310-301 75
¾ ssh – Secure session connection to replace telnet
¾ scp – Secure copy of files between hosts
¾ sshd – The server daemon that processes requests from clients
¾ ssh-agent – The authentication agent that holds the “keys”
¾ ssh-add – This registers new keys with the agent
¾ ssh-keygen – Used to create a new pair of keys for the client and server authentication
Configuring the Server
The SSH server uses the configuration file /etc/ssh/sshd_config. In this file you can configure such aspects
as:
¾ The SSH protocols to use (1 or 2, or both)
¾ The port to listen on (normally 22), but a nonstandard port could be configure here
¾ The location for the storage of the keys
¾ Allow or disable X11 port forwarding
¾ Allow or disable other forms of authentication (such as .rhosts )
Starting and Stopping SSHD
The ssh server (sshd) is started and stopped via a startup script in /etc/rc3.d called S89sshd, which is a link
to /etc/init.d/sshd.
Configuring the Client
The client is configured using the configuration file /etc/ssh/ssh_config. You can configure the following
options:
¾ The type of authentication used
¾ The port to be used for ssh to communicate
¾ The location of the files to store client keys
¾ The encryption algorithm to use. This is determined by the client not the server
¾ Configure specific host options. For example, some hosts could be configured to communicate on
different ports
¾ Prevent access. Normally a host that is not known produces a warning, but unknown connections
can be prevented instead