Project:Infrastructure/SSH Configuration

From Gentoo Wiki
Jump to: navigation, search

This guide documents how OpenSSH should be configured on Gentoo Infrastructure servers.

Gentoo Infrastructure guidelines for running SSH

General Guidelines

SSH is currently the only approved method of obtaining a remote shell on a server. rsh, telnet and other insecure methods are not allowed. When configuring SSH, the following guidelines should be adhered to:

  • SSHv2 only -- never configure sshd to support version 1 of the SSH protocol. It has known weaknesses with the way it encrypts data.
  • DSA keys -- DSA keys are preferred over RSA keys
  • No root login -- remote root login is not allowed. Users should login using their regular ID and then use sudo and/or su
  • No password authentication -- where possible users should be required to use DSA keys to authenticate.
Unless specified above, the default values used in /etc/ssh/sshd_config are acceptable and should not be overridden without prior approval from the Gentoo Infrastructure project manager.

This article is based on a document formerly found on our main website
The following people have contributed to the original document: klieber
They are listed here as the Wiki history does not provide for any attribution. If you edit the Wiki article, please do not add yourself here; your contributions are recorded on the history page.