HP OpenVMS Systems Documentation

Content starts here

Client Configuration File

  Table of Contents

  Glossary

  Index

The following is an example of a typical SSH client configuration file:

# SSH CONFIGURATION FILE FORMAT VERSION 1.1
# REGEX-SYNTAX egrep
# end of metaconfig
# (do not change above lines!)

#
# File name:      SSH2_CONFIG.
# Product:        HP TCP/IP Services for OpenVMS
# Version:        T5.6-3D
#
#  Copyright 1976, 2005 Hewlett-Packard Development Company, L.P.
#

#
# ssh 3.2 client configuration information
#
# Note: ".*" is used for all hosts, but you can use other hosts as well
#
.*:

#
# HP Tru64 UNIX specific
# Secure the r* utilities (no, yes)
#
#   EnforceSecureRutils                 no

## General

    AuthenticationSuccessMsg            yes
#   BatchMode                           no
#   Compression                         no
#   DontReadStdin                       no
#   EscapeChar                          ~
#   ForcePTTYAllocation                 no
#   GoBackground                        no
#   PasswordPrompt                      "%U@%H's password: "
    PasswordPrompt                      "%U's password: "
#   QuietMode                           no
#   SetRemoteEnv                        foobar=baz
    VerboseMode                         no

## Network

    Port                                22
    NoDelay                             no
    KeepAlive                           yes
#   SocksServer                         socks://mylogin@socks.ssh.com:1080/203.123.0.0/16,198.74.23.0/24
#   UseSocks5                           no

## Crypto

    Ciphers                             AnyStdCipher
    MACs                                AnyStdMAC
#   RekeyIntervalSeconds                3600
    StrictHostKeyChecking               no


## User public key authentication

    IdentityFile                        identification
    RandomSeedFile                      random_seed

## Tunneling

#   ForwardAgent                        yes
#   ForwardX11                          yes
#   GatewayPorts                        no
#   TrustX11Applications                no
#   XauthPath                           <set by configure by default>

# Tunnels that are set up upon login

#   LocalForward                        "110:pop3.company.com:110"
#   LocalForward                        "143:imap.company.com:143"
#   LocalForward                        "25:smtp.company.com:25"
#   RemoteForward                       "3000:localhost:22"

## SSH1 compatibility

#   Ssh1InternalEmulation               yes
    Ssh1Compatibility                   no
    Ssh1AgentCompatibility              none
#   Ssh1AgentCompatibility              traditional
#   Ssh1AgentCompatibility              ssh2
#   Ssh1MaskPasswordLength              yes
#   Ssh1Path                            /usr/local/bin/ssh1

## Authentication
## hostbased, publickey, and password are allowed by default
## (least interactive method should be usually attempted first)

#   AllowedAuthentications              publickey, keyboard-interactive, password
    AllowedAuthentications              hostbased, publickey, password

## Authentication, OpenVMS-specific

#   NumberOfHostkeyCopyPrompts          3
#   NumberOfPasswordVerificationPrompts 3
#   PubkeyPassphraseGuesses             3

# For ssh-signer2 (only effective if set in the global configuration file,
# usually TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSH2_CONFIG., i.e., this file)

#   DefaultDomain                       foobar.com
    SshSignerPath                       /sys$system/tcpip$ssh_ssh-signer2

## Examples of per host configurations

#alpha.*:
#   Host                                alpha.oof.fi
#   User                                username_at_alpha
#   PasswordPrompt                      "%U:s password at %H: "
#   Ciphers                             aes

#foobar:
#   Host                                foo.bar
#   User                                foo_user