42.6. Editing Client Host Options

Although the SSH Server module is primarily for configuring an SSH server, it also lets you set options that apply to all client connections made from your system using the ssh and scp commands. Options can be set for connections to all hosts, or just to a specific one. You can set the port to which to connect, the protocol to use, and local and remote ports to forward.

The settings made in this module apply to all users on your system, but can be overridden by individual users who edit their ~/.ssh/config files. This can be done manually or using Usermin, which has an SSH Client module with an identical interface to the one documented here for editing global client settings. Many of the settings do not make much sense to set for all users, even though it is possible to do so using Webmin. For this reason, the instructions in this section only cover fields that are useful on a global level.

To define settings for connections to a specific host, follow these steps:

1.
On the module's main page, click on the Client Host Options icon. A page containing one icon for each of the hosts for which options have been set will be displayed. Unless you have used this page before, only the special All hosts icon will appear, which can be clicked on to edit options for connections to any host.

2.
Click on the Add options for client host link at the bottom of the page to bring up a form for specifying a host and the options that apply to it. All of the fields on this form have a Default option, which, if selected, indicates that the setting for all hosts should be used instead. This allows you to define options globally, and then override them on a per-host basis.

3.
In the Options for host field, enter the name of the host (as used in the ssh command line) to which the options will apply. Wildcards can be used. For example, you could enter *.webmin.com to match any host in the webmin.com domain. Remember that the name must match that used by users in the ssh or scp command, so if you enter foo and a user runs ssh foo.example.com, the options will not apply even though both names would resolve to the same IP address. For this reason, you may want to enter the hostname as foo* to catch both possibilities.

4.
To have SSH clients connect to a different hostname, fill in the Real hostname to connect to field. This could be useful if combined with the Port to connect to field to secretly redirect user connections to a specific host to a port on another address which is actually a tunnel to the actual destination.

5.
To force clients to use a different port by default, fill in the Port to connect to field. This is useful if the SSH server on a particular host runs on a different port from the usual 22, and you want to avoid the need to explicitly specify the port in every ssh and scp command.

6.
The SSH client normally treats the ~ (tilde) character as an escape that indicates that the next character entered by the user is actually a command for the ssh program itself. For example, ~. closes the connection, and ~^Z suspends the program. The Escape character field can be used to specify some different character by selecting the third radio button and entering a single character into the adjacent text box. You can also turn off escape support altogether by selecting None. This latter option is useful if you are using the ssh command to transfer binary data that may contain a tilde.

7.
By default, the SSH client and server will compress and uncompress data sent between them, which can speed up large transfers of text or other compressible data. Sometimes, however, this can actually slow things down or be a useless waste of CPU time, for example, if you are using scp to copy lots of GIF files or always connecting to the host over a fast network. To turn off compression, change the Compress SSH traffic? field to No.

If compression is enabled, the Compression level menu controls the trade off between CPU utilization and the amount of bandwidth used. If 1 is selected, very little compression is done, whereas if 9 is chosen, a lot more CPU time will be expended on reducing the actual amount of data transferred.

These fields and those in the next two steps are not available if your system is running SSH version 3 or above.

8.
By default, SSH clients will use the privileged source port 22 when connecting, which indicates to the server that it is a trusted program and thus can be relied on to provide correct information about the user running it. This is necessary for rlogin-style authentication to work, but unfortunately many networks have their firewalls configured to block connections with privileges source ports, which completely blocks SSH. To have the clients use a normal port instead, select No for the Use privileged source ports? field. Unless you are using host-based authentication, this will cause no harm.

9.
To set the SSH protocol versions that clients will try when connecting to this server, choose Selected in the Try SSH protocols field and check the ones to try. The default is to try them both.

10.
Hit the Create button at the bottom of the page to save the new per-host settings. They will be used by all new client connections made from your system from now on.

After a set of host options is created, an icon for the host will appear on the Client Host Options page. You can click on this icon to bring up its editing form, make changes to the same fields, and hit the Save button. To remove the host and have connections to it revert to the default options, hit Delete on the same form. It is also possible to change the defaults that apply to all connects by clicking on the special All hosts icon and making changes on the form that appears. Of course, some fields do not really make sense in this context, such as Real hostname to connect to and Port to connect to, and so should not be used.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.146.176.254