to have compression, it should survive with poor internet, and other good f=
eatures which can make it a good ssh server.
Hi,

maybe you can read this discussion

http://www.governmentsecurity.org/forum/index.php?showtopic=3D6051

and for sure take a lokk to the official documentation

http://www.openbsd.org/cgi-bin/man.cgi?query=3Dsshd_config&sektion=3D5

Bye

--=20
Matteo Filippetto

On Mon, 13 Jul 2009 10:00:52 +0200
Thanks for your response but I have not found yet what I'm looking for. I need the configuration which actually suppress the hostname and the domain/IP on client side. client will only be prompted for password. The second thing the sshd should allow the client to be connected even half an hour with out executing any command. Any such configuration in openssh ?

Thanks

need the configuration which actually suppress the hostname and the domain=
/IP on client side. client will only be prompted for password. The second t=
hing the sshd should allow the client to be connected even half an hour wit=
h out executing any command. Any such configuration in openssh ?
Hi,

if you read this
http://www.openbsd.org/cgi-bin/man.cgi?query=3Dsshd_config&sektion=3D5

you will find some options like

Banner The contents of the specified file are sent to the remote user
before authentication is allowed. If the argument is ``none''
then no banner is displayed. This option is only available fo=
r
protocol version 2. By default, no banner is displayed.

TCPKeepAlive
Specifies whether the system should send TCP keepalive message=
s
to the other side. If they are sent, death of the connection =
or
crash of one of the machines will be properly noticed. Howeve=
r,
this means that connections will die if the route is down tem-
porarily, and some people find it annoying. On the other hand=
,
if TCP keepalives are not sent, sessions may hang indefinitely=
on
the server, leaving ``ghost'' users and consuming server re-
sources.

The default is ``yes'' (to send TCP keepalive messages), and t=
he
server will notice if the network goes down or the client host
crashes. This avoids infinitely hanging sessions.

To disable TCP keepalive messages, the value should be set to
``no''.


and for client (http://www.openbsd.org/cgi-bin/man.cgi?query=3Dssh_config&s=
ektion=3D5)

ServerAliveCountMax
Sets the number of server alive messages (see below) which may=
be
sent without ssh(1) receiving any messages back from the serve=
r.
If this threshold is reached while server alive messages are b=
e-
ing sent, ssh will disconnect from the server, terminating the
session. It is important to note that the use of server alive
messages is very different from TCPKeepAlive (below). The ser=
ver
alive messages are sent through the encrypted channel and ther=
e-
fore will not be spoofable. The TCP keepalive option enabled =
by
TCPKeepAlive is spoofable. The server alive mechanism is valu=
-
able when the client or server depend on knowing when a connec=
-
tion has become inactive.

The default value is 3. If, for example, ServerAliveInterval
(see below) is set to 15 and ServerAliveCountMax is left at th=
e
default, if the server becomes unresponsive, ssh will disconne=
ct
after approximately 45 seconds. This option applies to protoc=
ol
version 2 only.

ServerAliveInterval
Sets a timeout interval in seconds after which if no data has
been received from the server, ssh(1) will send a message thro=
ugh
the encrypted channel to request a response from the server. =
The
default is 0, indicating that these messages will not be sent =
to
the server. This option applies to protocol version 2 only.

TCPKeepAlive
Specifies whether the system should send TCP keepalive message=
s
to the other side. If they are sent, death of the connection =
or
crash of one of the machines will be properly noticed. Howeve=
r,
this means that connections will die if the route is down tem-
porarily, and some people find it annoying.

The default is ``yes'' (to send TCP keepalive messages), and t=
he
client will notice if the network goes down or the remote host
dies. This is important in scripts, and many users want it to=
o.

To disable TCP keepalive messages, the value should be set to
``no''.


Bye
--=20
Matteo Filippetto

On Mon, 13 Jul 2009 10:00:52 +0200
Thanks for your response but I have not found yet what I'm looking for. I need the configuration which actually suppress the hostname and the domain/IP on client side. client will only be prompted for password. The second thing the sshd should allow the client to be connected even half an hour with out executing any command. Any such configuration in openssh ?

Thanks

ClientAliveInterval <time interval in seconds>
ClientAliveCountMax 0

That should do for the time settings :)

Remo

On Tue, 14 Jul 2009 11:05:20 -0600
Thanks a lot Remo.
Hope you don't mind if I insist on you to also show how to set the sshd deamon so that

1> it forces the client to follow compression
2> Suppress the host and IP information on client side

Is there any such time settings possible on host side ( in ssh_conf ? )

Wish you a nice time.

The idle logout, isn't sshd. It is the shell. Look into the "autologout"
environment veriable for bash.

As for the client password prompt, that is not controllable from the
server side, without dropping everything and going for
"keyboard interactive" authentication. For that, you will have to
code your own authentication method.

I would suggest you provide them a public key. So here is what I would do:

1) create user/s
2) generate a public key for each user
3) use the public key for login
4) disable access unless used with public keys

Just my 2 cents.

Remo

Many NAT firewalls also have a connection timeout that affects ssh
users. Setting the ServerAliveInternal (or the corresponding server
configuration option) allows persistent ssh connections through such
firewalls, which would otherwise expire idle connections.
If I'm reading this right, you want the client to be able to reach
only one server. E.g., user types "go" and the "go" script runs
ssh ***@some.host (which is a trivial script to write).

No server configuration option would be necessary or useful in that case.

If you mean something else by "suppress the hostname and the domain/IP
on client side", then I don't understand the question.

http://www.cyberciti.biz/faq/linux-unix-login-bash-shell-force-time-outs/

Bash and Csh environments work very differently when it comes to
environment variables. The above has some guides.

Kosala

On Tue, Jul 14, 2009 at 9:04 PM, Robert Hajime
gout"
=A0 =A0 -Centauri
--=20
Kosala
--------------------------------------------
Disclaimer: Views expressed in this mail are my personal views and
they would not reflect views of the employer.
--------------------------------------------
blog.kosala.net
www.linux.lk/~kosala/
www.kosala.net

On Wed, 15 Jul 2009 13:01:15 -0400
Ok here is an example. Say there is a Host configuration as myserver in my .ssh/config file. Now if I do


```````````
# ssh myserver

***@192.168.1.100's password:
```````````````````

I like to suppress the information ***@192.168.1.100 and it should prompt only the password:
I like to know the configuration for both server side and clinet side to suppress the information; if any.

thanks

That prompt is being shown by the SSH client. You could write a script
to accept the password. Or implement a client yourself.
e
r
y .ssh/config file. Now if I do
suppress the information; if any.
--=20
warm regards,
Akash Mahajan
----------------------------------------------------------
Security Consultant, (Web / Networks /
Servers / IT/ Virtualization)
Founder Headstart Network Foundation
----------------------------------------------------------
http://www.linkedin.com/in/akashm
http://network.headstart.in
----------------------------------------------------------