Client Configuration Parameters
» Table of Contents |  |  | » Glossary | | | » Index | | |
| | |
| ||
| ||
Some of the client configuration parameters that you can modify are as follows:
AllowedAuthentications
Allowed values: hostbased, password, publickey, gssapi-with-mic, kerberos-2@ssh.com, kerberos-tgt-2@ssh.com Default: hostbased,password,publickey Description: Specifies the authentication methods the client will attempt, in the order they will be presented to the server. The keyword all is equivalent to publickey, password, hostbased. The keyword none explicitly disables all SSH authentication methods.
DefaultDomain
Specifies the fully qualified domain name for the local host.
ForwardX11
Enables X11 port forwarding (the default). To disable the SSH client from allowing X11 port forwarding, set this parameter to No.
GssapiDelegateCredentials
Delegates the user's credentials to the SSH server.
NumberOfHostkeyCopyPrompts
Allowed values: an integer greater than 0 Default: 3 Description: Specifies the number of times the client user gets prompted to answer yes or no when asked about continuing to start an SSH session, if there is no host key and the value of StrictHostKeyChecking is ask. NumberOfPasswordVerificationPrompts
Allowed values: An integer greater than 0 Default: 3 Description: Specifies the number of times the client user is allowed to fail verification of the new password when forced to change it on login. Applies to OpenVMS-to-OpenVMS connections only. This number must be at least 2 to support second passwords. port
Allowed values: An integer value. Default: 2 Description: Specifies the port number that SSH listens on. If you change the port number, you must explicitly disable and then reenable the SSH server process with the correct port number. For example, to change the port number to 2222, enter the following commands:
$ tcpip disable service ssh $ tcpip set noservice ssh $ tcpip set service ssh /port=2222 /proc=tcpip$ssh/user=tcpip$ssh — _$ /file=tcpip$system:tcpip$ssh_run.com /proto=tcp/limit=10000 — _$ /log=(all,file=tcpip$ssh_device:[tcpip$ssh]tcpip$ssh_run.log) $ tcpip enable service ssh
PubkeyPassphraseGuesses
Allowed values: An integer greater than 0 Default: 3 Description: Specifies the number of guesses the client user is allowed for the passphrase associated with public/private key pair. Used for public-key authentication method only. The value of this option affects connections to servers on all platforms, including those on different SSH implementations that may have problems associated with passphrase entry. When the value is different on an OpenVMS client and the associated OpenVMS server, the lower value takes precedence. Each prompt for passphrase is of the following format: Passphrase for key "ssh2/KAREN-SELFDBOB_SQA_UCX_ABC_ACME_COM"with comment "1024-bit dsa, karen@dbob.sqa.ucx.abc.acme.com,Wed May 21 2003 12:42:14": If the user enters an incorrect passphrase, the prompt appears the number of times specified for the PubkeyPassphraseGuessesoption. StrictHostKeyChecking
Controls what happens if the server's public host key file is either invalid or not found in either the user's [username.SSH2.HOSTKEYS] directory or the systemwide directory TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2.HOSTKEYS]. The filename is in the format KEY_portnumber_hostname.PUB, where portnumber is the port number used to establish the SSH session (22 by default), and hostname is the host name used by the client user to establish the session. This parameter accepts the following values:
yes -- Causes authentication to fail if the file is not found.
no -- Causes the SSH client to create the [username.SSH2.HOSTKEYS] subdirectory (if it does not exist), and copies the SSH server's public key file into this subdirectory automatically.
ask -- Causes the SSH server to prompt the user for a copy of the server's public host key. This is the default. The prompt appears as follows:
Are you sure you want to continue connecting (yes/no)?
If you respond with yes, and the existing key file is invalid, the user is also prompted as follows:
Do you want to change the host key on disk (yes/no)?
Xauthpath
Allowed values: OpenVMS file specification Default: SYS$SYSTEM:DECW$XAUTH.EXE Description: Specifies the path name of the Xauthentication executable file.