Configuring the OpenSSH server

How to configuring the OpenSSH Server on Linux.

About this task

To configure the OpenSSH Server, follow these steps on each Tivoli® Netcool® Performance Manager system where SFTP is to be used:

Procedure

  1. Log in to the system as root.
  2. Change your working directory to the location where the OpenSSH Server was installed (/usr/local/etc/sshd_config by default) using the following command: 
     # cd /usr/local/etc
  3. Using the text editor of your choice, open the sshd_config file. This is an example of a sshd_config file: 
    #***************************************************************************
# sshd_config
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 22
Protocol 2
ListenAddress 0.0.0.0
HostKey /usr/local/etc/ssh_host_dsa_key
SyslogFacility AUTH
LogLevel INFO
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
RhostsAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
Subsystem sftp /usr/local/libexec/sftp-server
#****************************************************************
  4. Locate the Protocol parameter. For security purposes, it is recommended that this parameter is set to Protcol 2 as follows: 
     Protocol 2
  5. Locate the HostKeys for protocol version 2 parameter and ensure that it is set as follows: 
      HostKey /usr/local/etc/ssh_host_dsa_key
  6. Locate the PubkeyAuthentication parameter and ensure that it is set as follows: 
    PubkeyAuthentication yes
  7. Locate the PasswordAuthentication parameter and ensure that it is set as follows: 
    PasswordAuthentication yes
  8. Locate the Subsystem parameter and ensure that the SFTP subsystem and path are correct. Using defaults, the Subsystem parameter appears as follows: 
    Subsystem       sftp    /usr/local/libexec/sftp-server