
Technical Notes

Reflection for Secure IT Windows Server 7.0 Settings
Technical Note 2289
Last Reviewed 01-Feb-2008
Applies To
Reflection for Secure IT Windows Server version 7.0
Summary

Beginning in version 7.0, Reflection for Secure IT Windows Server settings are saved in XML format. This technical note provides an example of a server settings file, rsshd_config.xml.

Rsshd_config.xml Server Settings File

Beginning in version 7.0, server settings are saved to the rsshd_config.xml file. You should use only the Reflection SSH Server Configuration utility to change server settings. (In earlier versions it was possible, and sometimes necessary, to edit the sshd2_config file in order to enable specific server settings.) In 7.0, all keywords supported by the server can be edited in the Reflection SSH Server Configuration utility.

Note: It is useful to save copies of rsshd_config.xml for backup, to configure other servers, and to quickly compare the settings of one server with another. It is possible to view the rsshd_config.xml file in a browser or an editor of your choice; however, editing the file outside of the Reflection SSH Server Configuration utility is not recommended.

File Location

The rsshd_config.xml file location depends on the operating system.

Windows Vista:

ProgramData\Attachmate\RSecureServer\rsshd_config.xml

Windows XP:

Documents and Settings\All Users\Application Data\Attachmate\RSecureServer\rsshd_config.xml

Because all of the keywords are created and edited by the Reflection SSH Server Configuration utility, allowed values are best viewed in that application.

Sample rsshd_config.xml

The following sample rsshd_config.xml file shows some of the keywords that may be listed in a server configuration file. It is not an exhaustive list because not all keywords are initially visible in the .xml file; keywords whose default values have not been modified may not appear in the .xml file.

Use the Reflection SSH Server Configuration utility to edit your rsshd_config.xml file.

<SshServerSettings version="7.0">
    <UISettings>
        <ShowToolbar>true</ShowToolbar>
    </UISettings>
    <Identity>
        <HostKeyFile>C:\Documents and Settings\All Users\Application Data\Attachmate\RSecureServer\hostkey</HostKeyFile>
        <HostCertificateFile></HostCertificateFile>
        <HostCertificatePrivateKeyFile></HostCertificatePrivateKeyFile>
        <ProtocolVersionString></ProtocolVersionString>
        <UseComputerCertificate>false</UseComputerCertificate>
    </Identity>
    <General>
        <MaximumConnection>60</MaximumConnection>
        <IdleTimeOut>0</IdleTimeOut>
        <BannerMessageFile></BannerMessageFile>
        <IPBlockingWindowsDuration>300</IPBlockingWindowsDuration>
        <IPBlockingThreshold>20</IPBlockingThreshold>
        <IPBlockingLockoutTime>3600</IPBlockingLockoutTime>
    </General>
    <Network>
        <Bindings>
            <Binding>
                <ListenAddress>0.0.0.0</ListenAddress>
                <Port>22</Port>
                <RequireDNSLookup>false</RequireDNSLookup>
                <TCPNoDelay>false</TCPNoDelay>
                <TCPKeepAlive>true</TCPKeepAlive>
                <TCPKeepAliveTimeout>60</TCPKeepAliveTimeout>
                <MaxBroadcastsPerSecond>0</MaxBroadcastsPerSecond>
            </Binding>
        </Bindings>
    </Network>
    <EventLogging>
        <LogToEventLog>true</LogToEventLog>
        <EventLoggingLevel>2</EventLoggingLevel>
        <EventLogEvents>
        </EventLogEvents>
    </EventLogging>
    <DebugLogging>
        <LogToFile>false</LogToFile>
        <FileLoggingLevel>3</FileLoggingLevel>
        <LogFileEvents>
        </LogFileEvents>
        <LogFileFormat>0</LogFileFormat>
        <LogFileDirectory>C:\Documents and Settings\All Users\Application Data\Attachmate\RSecureServer\Logs</LogFileDirectory>
        <LogFileRollOverBySize>true</LogFileRollOverBySize>
        <LogFileMaximumSize>4</LogFileMaximumSize>
        <LogFileRollOverByTime>false</LogFileRollOverByTime>
        <RollOverBaseTime>0</RollOverBaseTime>
        <RollOverRepeatTime>24</RollOverRepeatTime>
        <LogFileInUnicode>true</LogFileInUnicode>
        <UnicodeCodePage>0</UnicodeCodePage>
        <LogFileWrapColumn>0</LogFileWrapColumn>
    </DebugLogging>
    <Encryption>
        <KeyExchange>
            <Diffie_Hellman_Group1_SHA1>true</Diffie_Hellman_Group1_SHA1>
            <Diffie_Hellman_Group14_SHA1>true</Diffie_Hellman_Group14_SHA1>
            <Diffie_Hellman_Gex_SHA1>true</Diffie_Hellman_Gex_SHA1>
            <Gss_Group1_SHA1_Kerberos>true</Gss_Group1_SHA1_Kerberos>
            <Gss_Gex_SHA1_Kerberos>true</Gss_Gex_SHA1_Kerberos>
            <RekeyIntervalSeconds>3600</RekeyIntervalSeconds>
        </KeyExchange>
        <Ciphers>
            <aes128-cbc>1</aes128-cbc>
            <aes192-cbc>2</aes192-cbc>
            <aes256-cbc>3</aes256-cbc>
            <des3-cbc>4</des3-cbc>
            <blowfish-cbc>5</blowfish-cbc>
            <cast128-cbc>6</cast128-cbc>
            <arcfour>7</arcfour>
            <NoEncryption>0</NoEncryption>
        </Ciphers>
        <MACs>
            <hmac-sha1>1</hmac-sha1>
            <hmac-md5>2</hmac-md5>
            <hmac-sha1-96>3</hmac-sha1-96>
            <hmac-md5-96>4</hmac-md5-96>
            <hmac-ripemd160>5</hmac-ripemd160>
            <NoProtection>0</NoProtection>
        </MACs>
        <Compression>
            <zlib>true</zlib>
            <none>true</none>
        </Compression>
        <FipsMode>false</FipsMode>
    </Encryption>
    <Authentication>
        <GraceLoginTimeout>120</GraceLoginTimeout>
        <RecordPasswordForCaching>false</RecordPasswordForCaching>
        <UsePasswordCache>false</UsePasswordCache>
        <Password>
            <PasswordAuthentication>2</PasswordAuthentication>
            <MaximumPasswordAttempts>3</MaximumPasswordAttempts>
            <PasswordAttemptDelay>2</PasswordAttemptDelay>
            <PermitEmptyPassword>false</PermitEmptyPassword>
            <PermitPasswordChange>true</PermitPasswordChange>
            <AllowKeyboardInteractiveAuthentication>2</AllowKeyboardInteractiveAuthentication>
        </Password>
        <PublicKeys>
            <AllowPublicKeyAuthentication>2</AllowPublicKeyAuthentication>
            <UserKeyDirectory>%D\.ssh2</UserKeyDirectory>
            <AuthorizationFile>authorization</AuthorizationFile>
            <PublicKeyMinSize>512</PublicKeyMinSize>
            <PublicKeyMaxSize>8192</PublicKeyMaxSize>
            <Certificates>
            </Certificates>
        </PublicKeys>
        <KeyboardInteractive>
            <AllowKeyboardInteractiveAuthentication>2</AllowKeyboardInteractiveAuthentication>
        </KeyboardInteractive>
        <GSSAPI>
            <AllowGSSAPIAuthentication>1</AllowGSSAPIAuthentication>
        </GSSAPI>
    </Authentication>
    <Permission>
        <DenyAllLogins>false</DenyAllLogins>
        <PermitPasswordChange>true</PermitPasswordChange>
        <PermitTerminalShell>true</PermitTerminalShell>
        <TerminalShell>"%SystemRoot%\System32\cmd.exe"</TerminalShell>
        <PermitExecutionRequest>true</PermitExecutionRequest>
        <ExecutionRequestPrefix></ExecutionRequestPrefix>
        <PermitSCP>true</PermitSCP>
        <PermitSFTP>true</PermitSFTP>
        <PermitC2SPortForwarding>true</PermitC2SPortForwarding>
        <PermitS2CPortForwarding>true</PermitS2CPortForwarding>
    </Permission>
    <Directory>
        <TerminalDefaultDirectory></TerminalDefaultDirectory>
        <SFTPRootDirectory>\\</SFTPRootDirectory>
        <SFTPHomeDirectory>\\</SFTPHomeDirectory>
        <SFTPAccessibleDirectories>
        </SFTPAccessibleDirectories>
        <MappedDrives>
        </MappedDrives>
    </Directory>
    <Emulation>
        <TerminalType>0</TerminalType>
        <PrivateWindowsStation>false</PrivateWindowsStation>
        <DoubleBackspace>false</DoubleBackspace>
    </Emulation>
    <SFTPDirectories>
        <AllowAll>true</AllowAll>
        <AccessibleDirectories>
            <AccessibleDirectory>
                <Allow>true</Allow>
                <VirtualDirectory>Home</VirtualDirectory>
                <PhysicalDirectory>%D</PhysicalDirectory>
            </AccessibleDirectory>
        </AccessibleDirectories>
        <UserLoginDirectory>%D</UserLoginDirectory>
    </SFTPDirectories>
    <ClientHostAccessControl>
    </ClientHostAccessControl>
</SshServerSettings>
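
The server-to-server comparison this note suggests for saved copies of rsshd_config.xml can be scripted read-only, without editing either file. The following Python sketch is an added example, not Attachmate code: it flattens each keyword to a path and reports differing values separately from keywords present in only one file, since a keyword left at its default may not appear at all. The two embedded files are constructed samples that reuse element names from the sample above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples: two trimmed copies using element names from the note.
SERVER_A = """<SshServerSettings version="7.0">
  <General><MaximumConnection>60</MaximumConnection><IdleTimeOut>0</IdleTimeOut></General>
  <Network><Bindings>
    <Binding><ListenAddress>0.0.0.0</ListenAddress><Port>22</Port></Binding>
  </Bindings></Network>
  <Encryption><FipsMode>false</FipsMode></Encryption>
</SshServerSettings>"""
SERVER_B = """<SshServerSettings version="7.0">
  <General><MaximumConnection>60</MaximumConnection></General>
  <Network><Bindings>
    <Binding><ListenAddress>0.0.0.0</ListenAddress><Port>22</Port></Binding>
    <Binding><ListenAddress>10.0.0.5</ListenAddress><Port>2222</Port></Binding>
  </Bindings></Network>
  <Encryption><FipsMode>true</FipsMode></Encryption>
</SshServerSettings>"""

def flatten(xml_text):
    """Return {'Root/Section/Keyword': value} for every leaf element."""
    settings = {}
    def walk(elem, path):
        children = list(elem)
        if not children:                      # leaf keyword (or empty container)
            settings[path] = (elem.text or "").strip()
            return
        seen = {}
        for child in children:
            # Repeated siblings (several <Binding>) get [2], [3], ...; the first stays bare.
            n = seen[child.tag] = seen.get(child.tag, 0) + 1
            walk(child, f"{path}/{child.tag}" + (f"[{n}]" if n > 1 else ""))
    root = ET.fromstring(xml_text)
    walk(root, root.tag)
    return settings

def compare(xml_a, xml_b):
    """Return (changed, only_in_a, only_in_b); a missing keyword may be a default."""
    a, b = flatten(xml_a), flatten(xml_b)
    changed = {k: (a[k], b[k]) for k in a.keys() & b.keys() if a[k] != b[k]}
    return changed, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())

if __name__ == "__main__":
    changed, only_a, only_b = compare(SERVER_A, SERVER_B)
    for key, (va, vb) in sorted(changed.items()):
        print(f"DIFFERS  {key}: A={va!r} B={vb!r}")
    for side, keys in (("A", only_a), ("B", only_b)):
        for key in keys:
            print(f"ONLY IN {side} (default on the other server?)  {key}")
```

Keywords listed as present in only one file should be checked in the Reflection SSH Server Configuration utility on the other server before being treated as a real difference.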
 

Related Technical Notes
1999 Reflection for Secure IT Technical Notes
