Configuring An Ssh Daemon With Yast - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual

for delivery. Similarly, all POP3 requests (port 110) on jupiter can be forwarded to the
POP3 port of sun with this command:
ssh -L 110:sun:110 jupiter
Both commands must be executed as root, because the connection is made to privileged
local ports. E-mail is sent and retrieved by normal users in an existing SSH connection.
The SMTP and POP3 host must be set to localhost for this to work. Additional in-
formation can be found in the manual pages for each of the programs described above
and also in the files under /usr/share/doc/packages/openssh.
14.8 Configuring An SSH Daemon with
YaST
To configure an sshd server with YaST run YaST and choose Network Services > SSHD
Configuration. Then proceed as follows:
1 On the General tab, select the ports sshd should listen on in the SSHD TCP Ports
table. The default port number is 22. Multiple ports are allowed. To add a new
port, click Add, enter the port number and click OK. To delete port, select it in
the table, click Delete and confirm.
2 On the General tab, select the features the sshd daemon should support. To disable
TCP forwarding, uncheck Allow TCP Forwarding. Disabling TCP forwarding
does not improve security unless users are also denied shell access, as they can
always install their own forwarders. See
Forwarding Mechanisms"
To disable X forwarding, uncheck Allow X11 Forwarding. If this option is dis-
abled, any X11 forward requests by the client will return an error. However users
can always install their own forwarders. See
and Forwarding Mechanisms"
ing.
In Allow Compression determine, whether the connection between the server and
clients should be compressed. After setting these options, click Next.
Section 14.7, "X, Authentication, and
(page 128) for more information about TCP forwarding.
Section 14.7, "X, Authentication,
(page 128) for more information about X forward-
SSH: Secure Network Operations 129