By default login is allowed for all users via the ssh daemon on port 22 with any valid username and password combination.
Funtoo uses the OpenSSH daemon to provide the SSH service by default.
sshd is a member of OpenRC's default runlevel.
There are 2 means of configuring
sshd. The first is required, the second is optional.
sshdreads its configuration data from
sshdmay be configured to use PAM.
Permission may be granted or denied via PAM, allowing you to store usernames etc. using text files.
There are 3 means of authenticating a client
- Password authentication
This is enabled by default, it is configured using the
PasswordAuthenticationdirective. Valid parameters are
PasswordAuthentication yesis configured, the state of the
PermitEmptyPasswordsdirective is also considered.
- Public key authentication
- Host-based authentication
Password authentication using
The following 4 directives are listed in order of evaluation by OpenSSH. They are configured directly; within
sshd_config. Only user or group _names_ are valid, numerical IDs are not recognized. If the pattern takes the form
USER@HOST then access is restricted to the
USER when originating from the
DenyUsers PATTERN PATTERN ...
- Login is forbidden for users whose username matches one of the patterns
AllowUsers PATTERN PATTERN ...
- Login is permitted to users whose username matches one of the patterns
DenyGroups PATTERN PATTERN ...
- Login is forbidden for users whose primary group or supplementary group list matches one of the patterns
AllowGroups PATTERN PATTERN ...
- Login is permitted to users whose primary group or supplementary group list matches one of the patterns
Public key authentication
Host based authentication
Controlling root access
Access by the root user can be controlled using the
Permit empty passwords
Access to accounts with empty (i.e. blank) passwords can be controlled using the
GSSAPIAuthenticaion GSSAPICleanupCredentials GSSAPIStrictAcceptorCheck HostBasedAuthentication HostBasedUsesNameFromPacketOnly HostCertificate HostKey HostKeyAgent LoginGraceTime MAC MaxAuthTries MaxSessions MaxStartups PasswordAuthentication PermitEmptyPasswords PubkeyAuthentication RevokedKeys RhostsRSAAuthentication RSAAuthentication TrustedUserCAKeys UseLogin UsePAM
By default X11 forwarding is disabled in OpenSSHd,
If you would like to forward X11 from your Funtoo box to a remote system you must first edit your /etc/ssh/sshd_config file
#X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes
X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yesX forwarding will now be enabled from that machine, so if you connect from your remote with 'ssh -X <user>@<ipaddress>' X sessions will be forwarded