Project:Infrastructure/Server SSH configuration

This guide documents how OpenSSH should be configured on Gentoo Infrastructure servers.

General
SSH is currently the only approved method of obtaining a remote shell on a server. ,, and other insecure methods are not permitted. When configuring SSH, the following guidelines should be adhered to:


 * SSHv2 only : Never configure to support version 1 of the SSH protocol. It has known weaknesses with the way it encrypts data.
 * No DSA keys : DSA is deprecated upstream. RSA is preferred for broad compatibility, but ECDSA and Ed25519 are also supported.
 * No root login : Remote root login is not allowed. Users should log in using their regular ID and then use or.
 * No password authentication : Where possible, users should be required to use SSH keys (not DSA, per the guideline above) to authenticate.
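
The four guidelines above can be checked mechanically against an `sshd_config`. The following is an added example, not part of the original guide or of Gentoo Infrastructure's tooling: the function names and the sample configuration are constructed for illustration, and where a keyword is absent the check assumes upstream OpenSSH defaults (`PermitRootLogin prohibit-password`, `PasswordAuthentication yes`).

```python
import re

# Constructed sample that deliberately violates the guidelines; not a real server's config.
SAMPLE = """\
Protocol 2,1
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
PubkeyAcceptedAlgorithms +ssh-dss
"""

ALGO_LISTS = ("hostkeyalgorithms", "pubkeyacceptedalgorithms", "pubkeyacceptedkeytypes")

def parse(text):
    """Collect global options as {lowercased keyword: [values in file order]}."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # Match blocks are conditional overrides; out of scope for this check
        opts.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
    return opts

def audit(text):
    """Return a sorted list of the guideline names that the config violates."""
    opts = parse(text)
    # sshd uses the first value it obtains for a keyword; later duplicates are ignored.
    first = lambda key, default: opts.get(key, [default])[0].lower()
    bad = set()
    if "1" in first("protocol", "2").split(","):
        bad.add("SSHv2 only")
    if any(re.search(r"(?<!ec)dsa", path) for path in opts.get("hostkey", [])):
        bad.add("No DSA keys")  # filename heuristic: matches "dsa" but not "ecdsa"
    if any("ssh-dss" in first(k, "") and not first(k, "").startswith("-") for k in ALGO_LISTS):
        bad.add("No DSA keys")  # a leading "-" removes the algorithm, so it is not flagged
    if first("permitrootlogin", "prohibit-password") != "no":
        bad.add("No root login")
    if first("passwordauthentication", "yes") != "no":
        bad.add("No password authentication")
    return sorted(bad)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("violates:", finding)
```

In the sample, the second `PasswordAuthentication no` line has no effect because the first value wins. The same parser also accepts the effective configuration printed by `sshd -T`, which resolves included files and defaults.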