Your browser does not allow storing cookies. We recommend enabling them.


Dividing the Configuration into Several Files

It is possible to divide the Tectia Server configuration into several files. You can define external XML files containing sub-configurations for example with department-specific or user-group-specific settings. This can make the configuration easier to manage as it is in smaller parts, and the sub-configuration files can be used repeatedly in several places.


Configuration files consisting of several XML-files must be maintained manually, because split configuration files cannot be edited with the Tectia Server Configuration GUI.

The sub-configuration files must be declared as external SYSTEM entities within the DOCTYPE element of the ssh-server-config.xml file. For example the entity-name below:

<!DOCTYPE secsh-server SYSTEM
   "/opt/tectia/share/auxdata/ssh-server-ng/ssh-server-ng-config-1.dtd" [

   <!ENTITY entity-name SYSTEM "sub-config-file.xml">

The defined entity can then be used in the main configuration file instead of defining all the settings there. The server configuration will read the contents of the sub-configuration file in the place of the entity. So the sub-configuration file contents must be designed so that they produce a valid XML structure in the ssh-server-config.xml file.

In this example we have a sub-configuration file named group-example-rules.xml, located in sub-directory subconfigs/, and with the following contents:

<terminal action="deny" />
<subsystem type="sftp" application="sft-server-g3" chroot="%homedir%" />
<tunnel-agent action="deny" />
<tunnel-x11 action="deny" />
<tunnel-local action="deny" />
<tunnel-remote action="deny" />

In the example below, we first declare the sub-configuration file (and its location) as an external entity in the beginning of the ssh-server-config.xml file, and then use the group-A-rules entity in the actual configuration as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE secsh-server SYSTEM
   "/opt/tectia/share/auxdata/ssh-server-ng/ssh-server-ng-config-1.dtd" [
  <!ENTITY group-A-rules SYSTEM "subconfigs/group-example-rules.xml">
    <group name="example">
         <user-group name="example"/> 
     <rule group="example">


What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now