Client Configuration Parameters

Some of the client configuration parameters that you can modify are as follows:

  • AllowedAuthentications

    Allowed values: hostbased, password, publickey, gssapi-with-mic, kerberos-2@ssh.com, kerberos-tgt-2@ssh.com
    Default: hostbased,password,publickey
    Description: Specifies the authentication methods the client will attempt, in the order they will be presented to the server.

    The keyword all is equivalent to publickey, password, hostbased. The keyword none explicitly disables all SSH authentication methods.

  • DefaultDomain

    Specifies the fully qualified domain name for the local host.

  • ForwardX11

    Enables X11 port forwarding (the default). To prevent the SSH client from allowing X11 port forwarding, set this parameter to No.

  • GssapiDelegateCredentials

    Delegates the user's credentials to the SSH server.

  • NumberOfHostkeyCopyPrompts

    Allowed values: an integer greater than 0
    Default: 3
    Description: Specifies the number of times the client user is prompted to answer yes or no about continuing to start an SSH session when there is no host key and the value of StrictHostKeyChecking is ask.

  • NumberOfPasswordVerificationPrompts

    Allowed values: An integer greater than 0
    Default: 3
    Description: Specifies the number of times the client user is allowed to fail verification of the new password when forced to change it on login. Applies to OpenVMS-to-OpenVMS connections only. This number must be at least 2 to support second passwords.

  • port

    Allowed values: An integer value.
    Default: 22
    Description: Specifies the port number that SSH listens on. If you change the port number, you must explicitly disable and then reenable the SSH server process with the correct port number.

    For example, to change the port number to 2222, enter the following commands:

    $ tcpip disable service ssh
    $ tcpip set noservice ssh
    $ tcpip set service ssh /port=2222 /proc=tcpip$ssh/user=tcpip$ssh -
    _$ /file=tcpip$system:tcpip$ssh_run.com /proto=tcp/limit=10000 -
    _$ /log=(all,file=tcpip$ssh_device:[tcpip$ssh]tcpip$ssh_run.log)
    $ tcpip enable service ssh

  • PubkeyPassphraseGuesses

    Allowed values: An integer greater than 0
    Default: 3
    Description: Specifies the number of guesses the client user is allowed for the passphrase associated with the public/private key pair. Used for the public-key authentication method only.

    The value of this option affects connections to servers on all platforms, including those on different SSH implementations that may have problems associated with passphrase entry.

    When the value is different on an OpenVMS client and the associated OpenVMS server, the lower value takes precedence.

    Each prompt for the passphrase has the following format:

      Passphrase for key "ssh2/KAREN-SELFDBOB_SQA_UCX_ABC_ACME_COM" with comment "1024-bit dsa, karen@dbob.sqa.ucx.abc.acme.com,Wed May 21 2003 12:42:14":

    If the user enters an incorrect passphrase, the prompt appears the number of times specified for the PubkeyPassphraseGuesses option.

  • StrictHostKeyChecking

    Controls what happens if the server's public host key file is invalid or is not found in either the user's [username.SSH2.HOSTKEYS] directory or the systemwide directory TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2.HOSTKEYS]. The file name has the format KEY_portnumber_hostname.PUB, where portnumber is the port number used to establish the SSH session (22 by default), and hostname is the host name used by the client user to establish the session. This parameter accepts the following values:

    • yes -- Causes authentication to fail if the file is not found.

    • no -- Causes the SSH client to create the [username.SSH2.HOSTKEYS] subdirectory (if it does not exist) and to copy the SSH server's public key file into this subdirectory automatically.

    • ask -- Causes the SSH server to prompt the user for a copy of the server's public host key. This is the default. The prompt appears as follows:

      Are you sure you want to continue connecting (yes/no)?

      If the user responds with yes and the existing key file is invalid, the user is also prompted as follows:

      Do you want to change the host key on disk (yes/no)?

  • Xauthpath

    Allowed values: OpenVMS file specification
    Default: SYS$SYSTEM:DECW$XAUTH.EXE
    Description: Specifies the path name of the Xauthentication executable file.
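
The following script is an added example, not part of the original documentation or the product. It checks a client configuration against the allowed values, defaults and constraints listed above and reports settings a reviewer would want to look at. It assumes a "Keyword value" line syntax with # comments and a yes/no value for GssapiDelegateCredentials; the function names, finding codes and sample configurations are constructed for illustration.

```python
import re

# Allowed values and defaults as stated in the parameter descriptions above.
AUTH_METHODS = {"hostbased", "password", "publickey", "gssapi-with-mic",
                "kerberos-2@ssh.com", "kerberos-tgt-2@ssh.com", "all", "none"}
DEFAULTS = {"stricthostkeychecking": "ask", "forwardx11": "yes"}
POSITIVE_INTS = ("numberofhostkeycopyprompts", "pubkeypassphraseguesses",
                 "numberofpasswordverificationprompts")

def parse_config(text):
    """Assumed syntax: one 'Keyword value' pair per line, '#' starts a comment."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = re.split(r"\s+", line, maxsplit=1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip()
    return settings

def audit(text):
    """Return sorted finding codes (hypothetical names) for a client configuration."""
    s, findings = parse_config(text), set()
    if s["stricthostkeychecking"].lower() == "no":
        findings.add("HOSTKEY_AUTO_ACCEPT")          # server key copied with no prompt
    if s["forwardx11"].lower() != "no":
        findings.add("X11_FORWARDING_ENABLED")       # enabled unless set to No
    if s.get("gssapidelegatecredentials", "").lower() == "yes":
        findings.add("CREDENTIAL_DELEGATION")        # user's credentials go to the server
    for method in s.get("allowedauthentications", "").split(","):
        if method.strip() and method.strip().lower() not in AUTH_METHODS:
            findings.add("UNKNOWN_AUTH_METHOD")      # not in the allowed-values list
    for key in POSITIVE_INTS:
        if key in s and not (s[key].isdigit() and int(s[key]) > 0):
            findings.add("BAD_INTEGER:" + key)       # must be an integer greater than 0
    n = s.get("numberofpasswordverificationprompts", "3")
    if n.isdigit() and 0 < int(n) < 2:
        findings.add("SECOND_PASSWORD_UNSUPPORTED")  # needs at least 2
    return sorted(findings)

# Constructed sample configurations, not taken from a real system.
WEAK = """
StrictHostKeyChecking   no
GssapiDelegateCredentials yes
AllowedAuthentications  publickey,passwd
NumberOfPasswordVerificationPrompts 1
"""
HARDENED = "StrictHostKeyChecking yes\nForwardX11 no\nAllowedAuthentications publickey\n"
if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```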