Server Configuration: An Overview
As mentioned at the beginning of the chapter, the behavior of the server, sshd, may be controlled at three levels:
Compile-time configuration (Chapter 4) is accomplished when sshd is built. For example, a server may be compiled with or without support for rhosts authentication.
Serverwide configuration, the subject of this chapter, is performed by a system administrator and applies to a running instance of the server. For instance, an administrator may deny SSH access from all hosts in a given domain or make the server listen on a particular port.
Serverwide configuration may depend on compile-time configuration. For example, a server’s hostbased authentication options work only if the server is compiled with hostbased authentication support included. Otherwise, the options have no effect. We identify such dependencies throughout the book. Figure 5-1 highlights the serverwide configuration tasks.
Per-account configuration (Chapter 8) is performed by the end user, specifically, the owner of the account to which an SSH connection has been requested. For example, users may permit or deny access to their own accounts from particular hosts, overriding the serverwide configuration.
Suppose user deborah on the machine client.unc.edu invokes an SSH client. The client’s behavior is determined by several factors:
The compile-time options selected when the software was built
The machinewide client configuration file on client.unc.edu
User deborah’s own client configuration ...