This guide documents how OpenSSH should be configured on Gentoo Infrastructure servers.
Gentoo Infrastructure guidelines for running SSH
SSH is currently the only approved method of obtaining a remote shell on a server. rsh, telnet and other insecure methods are not allowed. When configuring SSH, the following guidelines should be adhered to:
- SSHv2 only -- never configure sshd to support version 1 of the SSH protocol. It has known weaknesses in the way it encrypts data.
- DSA keys -- DSA keys are preferred over RSA keys.
- No root login -- remote root login is not allowed. Users should log in using their regular ID and then use sudo and/or su.
- No password authentication -- where possible, users should be required to use DSA keys to authenticate.
Unless specified above, the default values used in /etc/ssh/sshd_config are acceptable and should not be overridden without prior approval from the Gentoo Infrastructure project manager.
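An added example (not part of the original guide or of Gentoo Infrastructure's tooling): a small Python check of an sshd_config against the three guidelines above that map to sshd_config keywords (Protocol, PermitRootLogin, PasswordAuthentication). It assumes a single file with no Include directives, audits only the global section before any Match block, and treats an unset keyword as a finding because the built-in default depends on the OpenSSH version; the sample config is constructed.

```python
# Added example: audit sshd_config text against the guidelines above.
# Required values come from the guideline list; the helper names are hypothetical.
REQUIRED = {
    "protocol": "2",                 # SSHv2 only
    "permitrootlogin": "no",         # no remote root login
    "passwordauthentication": "no",  # key-based authentication only
}

def effective_global_settings(text):
    """Return {keyword: value} as sshd would see the global section.

    Keywords are case-insensitive, the FIRST value obtained for a keyword
    wins, and a Match line ends the global section.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks are out of scope for this check
        settings.setdefault(key, parts[1].strip().strip('"'))
    return settings

def audit(text):
    """Return a list of (keyword, found, required) for every violation."""
    settings = effective_global_settings(text)
    findings = []
    for key, want in REQUIRED.items():
        got = settings.get(key, "not set")
        if got.lower() != want:
            findings.append((key, got, want))
    return findings

# Constructed sample, not taken from a real host. The later lowercase
# "passwordauthentication no" does NOT override the earlier "yes".
SAMPLE_BAD = """\
Protocol 2,1
PasswordAuthentication yes
passwordauthentication no
Match User backup
    PermitRootLogin no
"""

if __name__ == "__main__":
    for key, got, want in audit(SAMPLE_BAD):
        print(f"{key}: found {got!r}, guideline requires {want!r}")
```

Because the first value wins, appending a corrected line to the end of a file that already sets the keyword has no effect; the earlier line has to be changed.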
This article is based on a document formerly found on our main website gentoo.org.
The following people have contributed to the original document: klieber
They are listed here as the Wiki history does not provide for any attribution. If you edit the Wiki article, please do not add yourself here; your contributions are recorded on the history page.