Some useful SSH options

2015-01-09 16:48 GMT   |   #1

Comments: 14

SSH Servers

First of all, you should always restrict who may log in using ssh. To do that add the following line to your /etc/ssh/sshd_config:
AllowUsers user1 user2 user3@source-ip
If nothing else, this will not allow password scanners to guess the root password.
Use the following to disable password login (and enable for example only public key login):
Match User user3
    PasswordAuthentication no
The following will speed up logins:
UseDNS no
It goes in the same file, but using this option you will not see the reverse names in your auth log - which are useless anyway most of the time.

SSH Clients

Sometimes speed is more important than strong encryption, for example if you use SFTP to copy big files with not-so-secret content.
To do that open your /etc/ssh/ssh_config and add the following to the beginning:
Host somename1 somename2 192.168.*.*
    Ciphers arcfour
    Compression no
    Macs hmac-md5-96
According to my tests, on a 100 Mbit connection this configuration speeds up copying from 3.3 MByte/s to 9.8 MByte/s, whereas an unencrypted FTP copies at 11.2 MByte/s. So it can save you a lot of time.

You can also relax the default config for every host if you want: add the following lines to your Host * section:
    Compression no
    Ciphers blowfish-cbc
    Macs hmac-md5-96
If you do add these lines, there is no need to add the Compression and Macs parameters to the previous sections; these will be the default.

Last edited by perpeton at 2016-10-18 11:49 GMT
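
For reviewing where a client configuration relaxes Ciphers and Macs in the way described above, here is an added example (not part of the original post) that walks an ssh_config file and reports, per Host block, which legacy algorithms it enables. The deny-list, the function name audit and the sample input are assumptions of this example.

```python
# Added example: flag legacy ciphers/MACs in an OpenSSH client config, per Host block.
# The deny-list is this example's assumption, built from the algorithms in the post.
LEGACY = {
    "ciphers": {"arcfour", "arcfour128", "arcfour256", "blowfish-cbc"},
    "macs": {"hmac-md5", "hmac-md5-96"},
}

# Constructed sample input mirroring the post's two snippets.
SAMPLE = """\
Host somename1 somename2 192.168.*.*
    Ciphers arcfour
    Compression no
    Macs hmac-md5-96
Host *
    Compression no
    Ciphers blowfish-cbc
    Macs hmac-md5-96
"""


def audit(text):
    """Return (scope, keyword, algorithm) for every legacy algorithm enabled."""
    findings = []
    scope = "*"  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts "Keyword value" and "Keyword=value"
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key in ("host", "match"):
            scope = value if key == "host" else "Match " + value
            continue
        # A leading "-" removes algorithms from the defaults, so it enables nothing.
        if key in LEGACY and not value.startswith("-"):
            # "+" appends to and "^" prepends to the default list.
            for alg in value.lstrip("+^").split(","):
                if alg.strip() in LEGACY[key]:
                    findings.append((scope, key, alg.strip()))
    return findings


if __name__ == "__main__":
    for scope, key, alg in audit(SAMPLE):
        print(f"[{scope}] {key} enables {alg}")
```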