SSH Tectia

Configuring SSH Tectia Server 4.x (Unix)

To create a new configuration for SSH Tectia Servers on Unix:

  1. Click Configurations → Edit Configurations on the menu.

  2. Click the SSH Tectia 4.x tab and click the SSH Tectia Server (UNIX) folder.

  3. Click the Add new button to add a new SSH Tectia Server configuration.

  4. The server configuration edit page opens. See Figure 8.7. Click the tabs to move between the different settings pages. Click the configuration option name to get help on its meaning, or refer to SSH Tectia Server documentation.

    Figure 8.7. Editing the SSH Tectia Server 4.x (Unix) configuration

  5. Click Save when you have finished editing the settings.

  6. The changes you made (as compared to the default settings) are displayed and you are asked to confirm them. Click Yes to save the changes, or click No to go back to editing the configuration.

To edit an existing configuration:

  1. Click Configurations → Edit Configurations on the menu.

  2. Click the SSH Tectia 4.x tab and click the SSH Tectia Server (UNIX) folder.

  3. Click a configuration name and click Edit.

  4. Edit the configuration as necessary. For example:

    Figure 8.8. Forward access control list configuration for SSH Tectia Server 4.x (Unix)

  5. Click Save when ready.

  6. The changes you made are displayed and you are asked to confirm them. Click Yes to save the changes.

Special Fields

/etc/nologin

This setting can be found in the 1. General tab by clicking the Advanced button. The last field on the Advanced page is /etc/nologin.

To prevent users from logging in to the system during a maintenance period or break, you can deploy a configuration that includes a setting preventing login through Secure Shell.

If a message has been defined, all non-root logins to hosts using this configuration are denied, and the message is displayed to the users. This option should be used with great care, since it prevents normal logins.

The Management Agent will save the file /etc/nologin on the managed host. To return to normal operation and enable logins again, deploy a configuration with an empty value in the field /etc/nologin.

BannerMessageFile

This setting can be found under the 1. General tab. On this page, there is a text field labeled BannerMessageFile.

If you want to show a standard message to the users logging on to the managed host, you may define a banner message in your configuration.

If a message has been defined, it will be displayed to the users logging in (the exact view depends on the client software used). However, some clients may ignore any text sent before the authentication.

The Management Agent will save the banner message file (/etc/ssh2/sshbannermessage by default) on the managed host. To return to logins without the message, deploy a configuration with an empty BannerMessageFile field.

SSH Tectia Server Configuration File on Unix

The default location of the SSH Tectia Server configuration file is:

/etc/ssh2/sshd2_config

See SSH Tectia Server for a list of SSH Tectia Server parameters that are configurable in SSH Tectia Manager.
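
A host-side check for the two special fields described above, as an added example that is not part of the SSH Tectia documentation: it reports whether /etc/nologin is still in place after a maintenance window and whether the configured banner file exists. The function names, the root-prefix argument, the assumed "Keyword value" layout of sshd2_config and the sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the SSH Tectia documentation).
# The root-prefix argument is hypothetical: "" checks the live host,
# a directory checks a copy of a host's /etc tree.

# Print the configured banner file, or the default path named on this page.
# Assumption: "Keyword value" lines, '#' starts a comment, keyword case-insensitive.
banner_path() {
    cfg="$1/etc/ssh2/sshd2_config"
    path=""
    if [ -r "$cfg" ]; then
        path=$(awk 'tolower($1) == "bannermessagefile" { p = $2 } END { print p }' "$cfg")
    fi
    printf '%s\n' "${path:-/etc/ssh2/sshbannermessage}"
}

# Print "nologin=<blocked|open> banner=<set|none>"; return 1 while logins are blocked.
# Assumption: the presence of /etc/nologin is what denies non-root logins.
login_state() {
    root="${1:-}"
    if [ -e "$root/etc/nologin" ]; then nologin=blocked; else nologin=open; fi
    if [ -s "$root$(banner_path "$root")" ]; then banner=set; else banner=none; fi
    printf 'nologin=%s banner=%s\n' "$nologin" "$banner"
    [ "$nologin" = open ]
}

# Constructed sample: maintenance message still deployed, custom banner path.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh2"
    printf 'Maintenance until 18:00\n' > "$d/etc/nologin"
    printf '%s\n' '## constructed sample config' \
        '# BannerMessageFile /etc/ssh2/old_banner' \
        'BannerMessageFile /etc/ssh2/banner.txt' > "$d/etc/ssh2/sshd2_config"
    printf 'Authorized use only\n' > "$d/etc/ssh2/banner.txt"
    printf '%s\n' "$d"
}
```

Running `login_state ""` on a managed host after deploying the configuration with the empty /etc/nologin field gives a non-zero exit status if the host is still denying non-root logins.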