Chapter 2. Configuring Secure Shell

Table of Contents

2.1. Introduction
2.2. The Client Side Configuration File
2.3. The Server Configuration File

2.1. Introduction

NetBSD ships with a Secure Shell implementation based on OpenBSD's. The default configuration of Secure Shell is done quite well, and there is little an administrator needs to actually do in most cases. Turning on the Secure Shell daemon is required, however. For posterity, we are going to take a short look at configuring it.

2.2. The Client Side Configuration File

The ssh client's configuration file is located in /etc/ssh/ssh_config. The options contained in it are named intuitively and are rather verbose. Documentation can be found in the ssh_config(5) manpage.

2.3. The Server Configuration File

The server side of SSH is configured via /etc/ssh/sshd_config. The defaults are set to high security levels by default. To enable the ssh server, put sshd=yes into /etc/rc.conf and run sh /etc/rc.d/sshd restart to start the server daemon and create any host keys if they are not already present.

One item to take note of is that the server config does not allow X11 forwarding by default, which of course on a firewall is a good thing. To enable it the administrator must change the following lines:

StrictModes no
X11Forwarding yes

Again, there is little to nothing the administrator needs to do with the Secure Shell setup unless they wish to alter the default config.