SSH Global Settings

SSH Global Settings file

As you probably know, all the SSH server settings live in one particular text file called “sshd_config”, which is located in the following directory.

/etc/ssh

The following image shows a typical Linux folder structure so you can see where the SSH global settings file is located.

SSH global config file location

How do you know it is actually a text file?

A natural question when working on Linux machines is how to know beforehand whether a file you want to open is one you will actually be able to read, for example a text file rather than a binary file (machine language) whose content is not human readable.

If you want to know which type of file you are dealing with, you can use the “file” command, as follows.

file sshd_config

Opening the Global SSH configuration file

Those of you who are CLI/terminal fans will prefer to open this file using, let’s say, “vi”, “nano”, etc., and that’s perfectly fine. In our case we are going to take advantage of the GUI provided by WinSCP.

Opening the Global SSH settings file using WinSCP

The preceding animation shows how easy it is to open a text file using the GUI provided by WinSCP: it is just a matter of finding the file and double-clicking it. One important thing to mention is that we’ve used a WinSCP bookmark to find the file faster; you can take a look at this article to learn how to create a WinSCP bookmark.

Important settings to know about

The “sshd_config” file is packed with SSH settings, and it would be impossible to cover each one of them. Instead, we are going to mention and discuss only the ones we consider most relevant for our LAB and for future real-life scenarios. The following image shows all of them.

SSH port number

For a LAB environment we can leave the port number at its default, which is port 22. For a real-life scenario you may want to change this number for security reasons; in that case the only thing to do is remove the “#” symbol (which tells the system the line must be treated as a comment) and change the port number.

On RedHat-based systems (like CentOS), if you change the port, do not forget to set SELinux accordingly.

SSH root login

Root account login is not good practice in real-life scenarios, but it is perfectly fine to allow the root account to log in on your LAB. To do that, be sure to remove the “#” symbol and type the word “yes”.

SSH PubkeyAuthentication

Those of you who want to enable Public Key Authentication as a valid authentication method must change this parameter accordingly.

SSH AuthorizedKeysFile

The Authorized Keys File parameter tells the system where the file containing all the authorized keys (public keys) is located (in which directory) and what it is called.

SSH authorized keys file

As you can see in the preceding image, the name of the file containing all the authorized keys is “authorized_keys” and the default folder is called “.ssh”, located in the user’s home directory (%h).

SSH PasswordAuthentication

Most of the time, in real-world scenarios, you will want to disable the password authentication method once you’re using Public Key Authentication, which is more secure.
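To check the five settings discussed above in one pass, the following added example (not part of the original article) parses an sshd_config text and reports the global value of each, treating “#” lines as unset. The default values are upstream OpenSSH's and are an assumption, as are the function names and the constructed sample file.

```python
# Added example: audit the sshd_config settings covered on this page.
# DEFAULTS are upstream OpenSSH defaults (assumption: a distribution may differ).
DEFAULTS = {
    "port": "22",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "authorizedkeysfile": ".ssh/authorized_keys .ssh/authorized_keys2",
    "passwordauthentication": "yes",
}

def effective_settings(text):
    """Return the global value of each tracked keyword in an sshd_config text."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # a '#' line leaves the default in force
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                 # keywords are case-insensitive
        if key == "match":                     # global section ends at the first Match
            break
        # First occurrence wins (Port may repeat; only the first is reported).
        if key in DEFAULTS and key not in found and len(parts) == 2:
            found[key] = parts[1].strip()
    return {**DEFAULTS, **found}

def findings(settings):
    """Flag values the page advises against for real-life servers."""
    out = []
    if settings["permitrootlogin"].lower() == "yes":
        out.append("PermitRootLogin yes: root can log in directly")
    if settings["pubkeyauthentication"].lower() != "yes":
        out.append("PubkeyAuthentication is disabled")
    elif settings["passwordauthentication"].lower() == "yes":
        out.append("PasswordAuthentication yes: passwords accepted alongside keys")
    return out

# Constructed sample: a LAB-style file like the one described above.
SAMPLE = """\
#Port 22
PermitRootLogin yes
#PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    print(effective_settings(SAMPLE), findings(effective_settings(SAMPLE)))
```

On a live server, running “sshd -T” as root prints the configuration the daemon actually resolves, which is the authoritative check.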