Introduction

TBC

Installation

Packages used by Blue Light:

• ssh (metapackage).  Seen on ac001.blue; don't know if this is standard on all systems.

Configuration

Individual user

ssh passwordless login

SSH Agent Forwarding

~/.ssh/config

Standard start of file (proposed):

# User-specific ssh client configuration

# Documentation: ssh_config man page
# Default values (may be explicitly listed below for visibility):
# - Protocol 2 (important; many options are protcol-specific)
# - ServerAliveCountMax 3

Host *
    Compression yes
    Protocol 2 
    SendEnv LANG LC_*
    ServerAliveInterval 15
    ServerAliveCountMax 3

Explanation of some of the recommended changes

• Compression yes enhances throughput, as long as the CPU is not slow or overloaded.

Server

ssh server configuration

Problem analysis

Messages

fatal: no matching cipher found

Beleive to be an attack.  No action required.

PAM 5 more authentication failures; logname= ...

Has been fixed by the standard Blue Light /etc/ssh/sshd_config configuration line

UsePAM no

PAM service(sshd) ignoring max retries ...

Has been fixed by the standard Blue Light /etc/ssh/sshd_config configuration line

UsePAM no

User * not allowed because account is locked

Documented in ssh passwordless login

Reference

Files and directories

TBC

Documentation

TBC