The system-wide configuration file of the command-line client, ssh2_config, can be found in the installation directory (by default C:\Program Files\SSH Communications Security\SSH Secure Shell). Copy the ssh2_config file to the %ALLUSERSPROFILE%\Application Data\SSH directory, from where the program reads it.
To make personal settings, copy the file to the %USERPROFILE%\Application Data\SSH directory.
To use the FIPS-certified cryptographic library with the command-line clients, edit the ssh2_config file and add the following option as the first item in the file (after the comments):
Both the client and the server use a similar configuration data format.
The name of the GSSAPI method is gssapi. It can be specified with the AllowedAuthentications keyword in sshd2_config configuration files.
There are two additional GSSAPI-related keywords:
GSSAPI.AllowedMethods specifies the actual mechanisms that are to be used through GSSAPI. Windows implements both the
NTLM mechanisms. The default value is
GSSAPI.DelegateToken is a boolean variable (with possible value of
no), which specifies whether the client requests delegating the GSSAPI authentication over several connections. The default value is
The following is a sample GSSAPI configuration from the
ssh2_config configuration file:
GSSAPI is an option in the Connect to Remote Host dialog and in the Authentication page. The configuration is stored separately for each profile.
The StrictModes option can be used to make the client check the permissions and ownership of the credentials used during public-key authentication. Specifically, it checks the user's configuration directory (by default %USERPROFILE%\Application Data\SSH) and private keys. The files and directories must be accessible only by the user, the Administrators group, and the SYSTEM account. The owner must be the user or the Administrators group.
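The permissions and ownership described above can be audited before turning StrictModes on. The following PowerShell script is an added example, not part of the product or its documentation; it assumes the default directory named above, treats every file there that does not end in .pub as a private key, and the function name Get-StrictAclFinding is hypothetical.

```powershell
# Added example, not the client's own check. Assumptions: the default directory
# from the text, and that every file in it not ending in .pub is a private key.
param([string]$ConfigDir = (Join-Path $env:USERPROFILE 'Application Data\SSH'))

$ErrorActionPreference = 'Stop'
$sidType = [System.Security.Principal.SecurityIdentifier]
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$admins  = 'S-1-5-32-544'   # BUILTIN\Administrators (well-known SID)
$system  = 'S-1-5-18'       # NT AUTHORITY\SYSTEM (well-known SID)

function Get-StrictAclFinding {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path

    # The owner must be the user or the Administrators group.
    $owner = $acl.GetOwner($sidType).Value
    if (@($me, $admins) -notcontains $owner) {
        "{0}: owner {1} is neither the user nor Administrators" -f $Path, $acl.Owner
    }

    # Any Allow entry (explicit or inherited) for another principal is a finding.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            @($me, $admins, $system) -notcontains $sid) {
            "{0}: {1} is granted {2}" -f $Path, $sid, $ace.FileSystemRights
        }
    }
}

# Check the configuration directory itself, then each assumed private-key file.
$targets = @($ConfigDir)
$targets += @(Get-ChildItem -LiteralPath $ConfigDir -File |
    Where-Object { $_.Extension -ne '.pub' } |
    ForEach-Object { $_.FullName })

$findings = @($targets | ForEach-Object { Get-StrictAclFinding -Path $_ })
if ($findings.Count -eq 0) {
    "OK: $ConfigDir and its key files are restricted to the user, Administrators and SYSTEM"
} else {
    $findings
    exit 1
}
```

Findings list the offending SID and the rights it holds, so inherited entries such as a broad Users grant on the profile directory show up per file.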
To enable strict modes, add the following line in the
User Configuration Directory
The UserConfigDirectory option can be used to specify where user-specific configuration data is found for the command-line clients. It is equal to the
-k command-line option of
The value is given as a pattern string which is expanded by
"%USERPROFILE%/Application Data/SSH" and
%U is the user's login name. The default is
To use an alternate location, specify it in the system-wide ssh2_config file, for example by adding the following line:
Note that any configuration set in ssh2_config affects only the command-line clients, and this setting is configurable in ssh2_config only. The GUI client always uses the "%USERPROFILE%\Application Data\SSH" directory.
Disabling SSH1 Emulation
To disable SSH1 emulation with the command-line client, add the following line to your %USERPROFILE%\Application Data\SSH\ssh2_config file: