/etc/ssh
The /etc/ssh directory contains configuration files and keys for the SSH (Secure Shell) service on a Unix-like system. This directory is critical for managing SSH server settings, including authentication methods, security policies, and key management. Here is a detailed overview of the main files and their purposes found in this directory:
Key Files in /etc/ssh
sshd_config:
Purpose: The main configuration file for the SSH daemon (sshd), which defines the server's settings.
Location: /etc/ssh/sshd_config
Common Settings: Port number, authentication methods, root login permissions, and more.
Example:
ssh_config:
Purpose: The configuration file for the SSH client (ssh), which specifies default options for SSH connections.
Location: /etc/ssh/ssh_config
Common Settings: Default user, port, and other options used by the ssh client.
Example:
ssh_host_rsa_key:
Purpose: The private RSA key used by the SSH server for RSA key-based authentication.
Location: /etc/ssh/ssh_host_rsa_key
Permissions: Should be read/write for root only (600).
ssh_host_rsa_key.pub:
Purpose: The public RSA key corresponding to the private RSA key.
Location: /etc/ssh/ssh_host_rsa_key.pub
Permissions: Should be readable by everyone (644).
ssh_host_ecdsa_key:
Purpose: The private ECDSA key used by the SSH server for ECDSA key-based authentication.
Location: /etc/ssh/ssh_host_ecdsa_key
Permissions: Should be read/write for root only (600).
ssh_host_ecdsa_key.pub:
Purpose: The public ECDSA key corresponding to the private ECDSA key.
Location: /etc/ssh/ssh_host_ecdsa_key.pub
Permissions: Should be readable by everyone (644).
ssh_host_ed25519_key:
Purpose: The private Ed25519 key used by the SSH server for Ed25519 key-based authentication.
Location: /etc/ssh/ssh_host_ed25519_key
Permissions: Should be read/write for root only (600).
ssh_host_ed25519_key.pub:
Purpose: The public Ed25519 key corresponding to the private Ed25519 key.
Location: /etc/ssh/ssh_host_ed25519_key.pub
Permissions: Should be readable by everyone (644).
ssh_known_hosts:
Purpose: Contains the host keys of known SSH servers. Used by the SSH client to verify the identity of the server.
Location: /etc/ssh/ssh_known_hosts
Permissions: Should be readable by everyone (644).
moduli:
Purpose: Contains a list of DH (Diffie-Hellman) groups used for key exchange. This file is used by the SSH server and client to select appropriate key exchange parameters.
Location: /etc/ssh/moduli
Permissions: Should be readable by everyone (644).
ssh_config.d/:
Purpose: Directory for additional SSH client configuration snippets. It allows for modular configuration management.
Location: /etc/ssh/ssh_config.d/
Permissions: Should be readable by everyone (755).
sshd_config.d/:
Purpose: Directory for additional SSH server configuration snippets. Similar to ssh_config.d/, but for the SSH server.
Location: /etc/ssh/sshd_config.d/
Permissions: Should be readable by everyone (755).
Example Configuration Files
/etc/ssh/sshd_config:
/etc/ssh/ssh_config:
Permissions
Private Key Files: Should be owned by root and have permissions set to 600 to prevent unauthorized access.
Public Key Files: Should be world-readable (644), as they need to be accessed by clients.
Configuration Files: Typically world-readable (644), but ownership should be set to root.
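The modes and ownership listed above can be verified with a short audit script. This is an added example, not part of the original page: the function names and the expected_uid parameter are assumptions made for illustration, and only the top level of the directory is inspected.

```python
import stat
from pathlib import Path

# Recommended modes as listed on this page.
PRIVATE_KEY_MODE = 0o600   # ssh_host_*_key
PUBLIC_MODE = 0o644        # *.pub, sshd_config, ssh_config, ssh_known_hosts, moduli
DIR_MODE = 0o755           # ssh_config.d/, sshd_config.d/


def expected_mode(name, is_dir):
    """Return the most permissive mode the page allows for this entry."""
    if is_dir:
        return DIR_MODE
    if name.startswith("ssh_host_") and name.endswith("_key"):
        return PRIVATE_KEY_MODE
    return PUBLIC_MODE


def audit_ssh_dir(ssh_dir="/etc/ssh", expected_uid=0):
    """Return (path, problem) findings; an empty list means compliant.

    expected_uid is a hypothetical parameter so the check can be tried
    on a scratch directory by a non-root user; 0 means root.
    """
    findings = []
    for path in sorted(Path(ssh_dir).iterdir()):
        st = path.lstat()  # lstat: do not follow symlinks
        if stat.S_ISLNK(st.st_mode):
            findings.append((str(path), "symlink; check its target manually"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        want = expected_mode(path.name, stat.S_ISDIR(st.st_mode))
        # Stricter modes (e.g. 0400 on a private key) pass; any extra bit fails.
        if mode & ~want:
            findings.append(
                (str(path), f"mode {mode:04o} grants bits beyond {want:04o}"))
        if st.st_uid != expected_uid:
            findings.append(
                (str(path), f"owned by uid {st.st_uid}, expected {expected_uid}"))
    return findings


if __name__ == "__main__":
    for path, problem in audit_ssh_dir():
        print(f"{path}: {problem}")
```
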
Summary
The /etc/ssh directory is crucial for configuring SSH services on a Unix-like system. It contains key files for server authentication, configuration files for both client and server, and directories for modular configuration. Proper configuration and security of these files are essential for maintaining secure SSH communications and preventing unauthorized access.