Project:Infrastructure/Server SSH configuration

This guide documents how OpenSSH should be configured on Gentoo Infrastructure servers.

General Guidelines
SSH is currently the only approved method of obtaining a remote shell on a server. rsh, telnet and other insecure methods are not allowed. When configuring SSH, the following guidelines should be adhered to:


 * SSHv2 only -- never configure sshd to support version 1 of the SSH protocol. It has known weaknesses with the way it encrypts data.
 * No DSA keys -- deprecated upstream. RSA is preferred for broad compatibility, but ECDSA & Ed25519 are also supported.
 * No root login -- remote root login is not allowed. Users should log in using their regular ID and then use sudo and/or su.
 * No password authentication -- where possible users should be required to use DSA keys to authenticate.
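
One way to check a server against these guidelines is to audit the effective configuration printed by `sshd -T`. The script below is an added example, not Gentoo Infrastructure's own tooling; the function names and the sample dump are constructed for illustration.

```python
# Added example: audit `sshd -T` output; all names here are illustrative.
DSA_ALGOS = {"ssh-dss", "ssh-dss-cert-v01@openssh.com"}
ALGO_LISTS = ("hostkeyalgorithms", "pubkeyacceptedalgorithms",
              "pubkeyacceptedkeytypes")  # the last is the pre-8.5 keyword name
EXPECTED = {"permitrootlogin": "no", "passwordauthentication": "no",
            "pubkeyauthentication": "yes"}

# Constructed sample (not from a real server), in `sshd -T` output format.
WEAK_SAMPLE = """\
protocol 2,1
permitrootlogin prohibit-password
passwordauthentication yes
pubkeyauthentication yes
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,ssh-dss
"""

def parse_effective(text):
    """Map each lowercase keyword to the list of values printed for it."""
    conf = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key and not key.startswith("#"):
            conf.setdefault(key.lower(), []).append(value.strip())
    return conf

def audit(text):
    """Return one finding per violation; an empty list means compliant."""
    conf = parse_effective(text)
    findings = []
    # SSHv2 only. Releases without SSHv1 support print no "protocol" line.
    for value in conf.get("protocol", []):
        if value != "2":
            findings.append(f"protocol is '{value}', expected '2'")
    # No DSA keys: neither offered as a host key nor accepted from users.
    for key in ALGO_LISTS:
        for value in conf.get(key, []):
            bad = sorted(DSA_ALGOS & set(value.split(",")))
            if bad:
                findings.append(f"{key} allows DSA: {', '.join(bad)}")
    # `sshd -T` prints every keyword, so a missing one is itself a finding.
    for key, want in EXPECTED.items():
        got = conf.get(key, ["<missing>"])[0].lower()
        if got != want:
            findings.append(f"{key} is '{got}', expected '{want}'")
    return findings

if __name__ == "__main__":
    for finding in audit(WEAK_SAMPLE):
        print("FAIL:", finding)
```

On a server, pass the text printed by `sshd -T` to `audit()`; an empty result means all four guidelines are met.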