|
|
|
Secure Shell Settings and the Config File
Technical Note 2120
Last Reviewed 02-Nov-2007
Applies To
Reflection for Secure IT Windows Client version 6.1
All Reflection Products version 14.0
All Reflection Products version 13.0.4 or higher
Summary
Technical Note 2120
Last Reviewed 02-Nov-2007
Applies To
Reflection for Secure IT Windows Client version 6.1
All Reflection Products version 14.0
All Reflection Products version 13.0.4 or higher
Summary
This technical note lists the Secure Shell (ssh and ssh2) connection settings and command line terminal settings available in Reflection products. These settings can be used in a Secure Shell settings files, enabling you to save security settings in a config file.
For information about types of settings files and how to manage and deploy settings in Reflection for Secure IT, see Technical Note 1894.
SSH and SSH2 Connection Settings
The following table lists all of the ssh/ssh2 connection settings that can be used in a Reflection Secure Shell config file.
| Settings |
Value Options |
Default Value |
| BindAddress |
<IP address> |
"" |
| ChallengeResponseAuthentication |
<Yes | No> |
Yes |
| CheckHostIPBindAddress |
<Yes | No> |
Yes |
| Cipher |
<blowfish | 3des | des> |
3des |
| Ciphers |
<Comma delimited ciphers list> |
aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour aes192-cbc aes256-cbc |
| ClearAllForwardings |
<Yes | No> |
No |
| Compression |
<Yes | No> |
No |
| CompressionLevel |
<decimal 1 to 9> |
6 |
| ConnectionAttempts |
<decimal number> |
1 |
| ConnectionReuse |
<Yes | No> |
No |
| DisableCRL |
<Yes | No> |
No |
| DynamicForward |
<port> |
"" |
| EscapeChar |
<single character | single letter | None> |
~ |
| FipsMode |
<Yes | No> |
No |
| ForwardAgent |
<Yes | No> |
No |
| ForwardX11 |
<Yes | No> |
Yes |
| GatewayPorts |
<Yes | No> |
No |
| GlobalKNownHostsFile |
<path\filename> |
"" |
| GssapiAuthentication |
<Yes | No> |
No |
| GssapiDelegateCredentials |
<Yes | No> |
Yes |
| GssapiUseSSPI |
<Yes | No> |
No |
| GssServicePrincipal |
<myhost.myrealm.com@MYREALM.COM> |
"" |
| Host |
<host name | host name with wildcards> |
"" |
| HostKeyAlgorithms |
<algorithms in order> |
ssh-rsa ssh-dss |
| HostKeyAlias |
<alias host key name> |
"" |
| IdentityFile |
<full path to identity file> |
"" |
| KbdInteractiveAuthentication |
<Yes | No> |
Yes |
| KeepAlive |
<Yes | No> |
Yes |
| KerberosAuthentication |
<Yes | No> |
No |
| KerberosTgtPassing |
<Yes | No> |
No |
| LocalForward |
<host:hostport. [FTP=0|1] [RDP=0|1] ["ExecutableFile" [args]]> |
"" |
| LogLevel |
<QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3> |
INFO |
| Macs |
<macs in comma separated order> |
hmac-md5 hmac-sha1 hmac-ripemd160 hmac-sha1-96 hmac-md5-96 None |
| MatchHostName |
<Yes | No> |
Yes |
| Multihop |
<localport host:hostport> |
"" |
| NumberOfPasswordPrompts |
<decimal number of prompts> |
3 |
| PasswordAuthentication |
<Yes | No> |
Yes |
| Port |
<decimal number> |
22 |
| PreferredAuthentications |
<authentication methods in order> |
publickey,keyboard interactive,password Or, if gssapi is enabled, the default value is: gssapi-with-mic external-keyex gssapi publickey keyboardinteractive password |
| Protocol |
<1 | 2 | 2,1 | 1,2 > |
2,1 |
| Proxy |
Proxy SOCKS |
"" |
| PubkeyAuthentication |
<Yes | No> |
Yes |
| RemoteForward |
<port number host:port number> |
"" |
| RSAAuthentication |
<Yes | No> |
Yes |
| ServerAlive |
<Yes | No> |
No |
| ServerAliveInterval |
<time interval in seconds> |
30 |
| SftpBufferLen |
<buffer length decimal number> |
32768 |
| SftpMaxRequests |
<maximum requests decimal number> |
10 |
| StrictHostKeyChecking |
<Yes | No |ask> |
Ask |
| User |
<username> |
"" |
| UserKNownHostsFile |
<filename> |
"" |
SSH and SSH2 Command Line Terminal Settings
The following table lists all of the ssh/ssh2 command line terminal settings that can be used in a Reflection Secure Shell config file.
| Parameter |
Value Options |
Default Value |
| AnswerBackMessage |
"string" |
null string |
| AutoAnswerback |
< Yes | No> |
No |
| AutoWrap |
< Yes | No> |
No |
| BackspaceKeyIsDel |
< Yes | No> |
No |
| CursorKeyMode |
< Yes | No> |
No |
| CursorStyle |
<blockblink | lineblink> |
lineblink |
| CursorVisible |
< Yes | No> |
Yes |
| DisplayCols |
<number of columns> |
80 |
| DisplayRows |
<number of rows> |
24 |
| DynamicTerminalSize |
< Yes | No> |
No |
| HostCharacterSet |
<host character set> |
PC437_English For a complete list of supported host character sets, search Help for topic "Configuration File Keyword Reference - Terminal Emulation Settings" |
| InsertMode |
< Yes | No> |
No |
| InverseVideo |
< Yes | No> |
No |
| KeyBoardActionMode |
< Yes | No> |
No |
| MarginBell |
< Yes | No> |
Yes |
| NewLine |
< Yes | No> |
No |
| NRCSet |
<National Replacement Character set> |
ASCII For a complete list of supported National Replacement Character sets, search Help for topic "Configuration File Keyword Reference - Terminal Emulation Settings" |
| NumericKeyPadMode |
< Yes | No> |
No |
| OriginMode |
< Yes | No> |
No |
| SevenBitControls |
< Yes | No> |
Yes To transmit C1 controls set SevenBitControls = No, set the HostCharacterSet to either DECMultinational or one of the ISOLatin characters sets. |
| TerminalModel |
<vt52 | vt102 | vt220> |
Vt220 |
| TermType |
<vt<value> | xterm | user-specified> |
Vt100 |
| UseNRC |
< Yes | No> |
No |
| UseANSIColor |
< Yes | No> |
Yes |
| WarningBell |
< Yes | No> |
No |
