10.2. Compile-Time Configuration
In Chapter 4, "Installation and Compile-Time Configuration", we covered many compile-time flags for building SSH distributions. Several flags should be carefully set to make your server machine maximally secure:
- --with-etcdir=... (SSH1, SSH2)
- Make sure your etc directory is on a local disk,
not an NFS-mounted partition. If the SSH server reads a file via NFS,
the contents are transmitted in the clear across the network,
violating security. This is especially true of the host key, which is
stored unencrypted in this directory.
- --prefix=... (SSH1, SSH2, OpenSSH)
- Likewise, make sure your SSH executables are installed on a local
disk, as they can be spoofed if loaded over NFS.
- --disable-suid-ssh (SSH1)
- --disable-suid-ssh-signer (SSH2)
- Our recommended serverwide configuration disables trusted-host
authentication, so there's no need for setuid permissions for
ssh1 and ssh-signer2.
- --without-none (SSH1)
- You should disable the "none" cipher that permits
unencrypted transmissions. An intruder with access to a user account
for 10 seconds can add "Ciphers None" to its client
configuration file, silently disabling encryption for the
user's clients. If you need the none cipher for testing, build
a separate server using --with-none and make it executable only
by the system administrator.
- --without-rsh (SSH1, OpenSSH)
- We don't recommend allowing ssh to fall back
to rsh. You can enforce this restriction at
compile time using --without-rsh, or at runtime in the
serverwide configuration file. The choice is yours.
- --with-libwrap (SSH1, SSH2)
- --with-tcp-wrappers (OpenSSH)
- libwrap affords more precise control over which
client machines are allowed to connect to your server. It also makes
port and X forwarding more flexible, since otherwise local
forwardings are available either only to the local host or from
anywhere at all. With GatewayPorts (or
ssh -g) and libwrap, you can
limit forwarding access to specific hosts. [Section 9.2.1.1, "Local forwarding and GatewayPorts"]
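
A check for the --with-etcdir and --prefix advice above, as an added example that is not from the original text: the script looks up each directory in a mount table and flags any that sit on a network filesystem. The function names, the sample mount table, and the list of network filesystem types are assumptions made for illustration.

```shell
# Added example. Assumes a /proc/mounts-style table (device mountpoint fstype ...)
# and absolute paths with symlinks already resolved.
# Print the filesystem type of the mount covering path $1, per mount table file $2.
fs_type_for() {
    awk -v p="$1" '
        # A mount covers p if it is "/", equals p, or is a directory prefix of p.
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            # Longest mount point wins; ">=" lets a later overmount replace an earlier one.
            if (length($2) >= best) { best = length($2); type = $3 }
        }
        END { print type }
    ' "$2"
}

# Succeed if filesystem type $1 is fetched over the network (this list is an assumption).
is_network_fs() {
    case "$1" in
        nfs*|cifs|smbfs|afs) return 0 ;;
        *) return 1 ;;
    esac
}

# Print LOCAL or NETWORK for each path; return 1 if any path is network-mounted.
audit_ssh_paths() {
    mounts=$1; shift; rc=0
    for dir in "$@"; do
        fstype=$(fs_type_for "$dir" "$mounts")
        if is_network_fs "$fstype"; then
            echo "NETWORK $dir ($fstype)"; rc=1
        else
            echo "LOCAL   $dir ($fstype)"
        fi
    done
    return $rc
}

# Constructed sample mount table (not from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw 0 0
/dev/sda2 /usr ext4 rw 0 0
fileserver:/export/local /usr/local nfs rw 0 0
fileserver:/export/home /home nfs4 rw 0 0
EOF
}
tmp=$(mktemp) && sample_mounts > "$tmp"
audit_ssh_paths "$tmp" /etc/ssh /usr/local/bin /usr/sbin || echo "move flagged paths to a local disk"
rm -f "$tmp"
```

On a live Linux host, pass /proc/mounts as the first argument in place of the sample table.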