Introduction
TBC
Installation
Packages used by Blue Light:
- ssh (metapackage). Seen on ac001.blue; don't know if this is standard on all systems.
Configuration
Individual user
~/.ssh/config
Standard start of file (proposed):
# User-specific ssh client configuration
# Documentation: ssh_config man page
# Default values (may be explicitly listed below for visibility):
# - Protocol 2 (important; many options are protcol-specific)
# - ServerAliveCountMax 3
Host *
Compression yes
Protocol 2
SendEnv LANG LC_*
ServerAliveInterval 15
ServerAliveCountMax 3
Explanation of some of the recommended changes
- Compression yes enhances throughput, as long as the CPU is not slow or overloaded.
Server
Problem analysis
Messages
fatal: no matching cipher found
Beleive to be an attack. No action required.
PAM 5 more authentication failures; logname= ...
Has been fixed by the standard Blue Light /etc/ssh/sshd_config configuration line
UsePAM no
PAM service(sshd) ignoring max retries ...
Has been fixed by the standard Blue Light /etc/ssh/sshd_config configuration line
UsePAM no
User * not allowed because account is locked
Documented in ssh passwordless login
Reference
Files and directories
TBC
Documentation
TBC