The characteristics of a Secure Shell session are controlled by configuration files. Some keyword values in the configuration files can be overridden by options on the command line.
In most cases, the client-side characteristics of a Secure Shell session are governed by the system-wide configuration file, /etc/ssh/ssh_config. The settings in the ssh_config file can be overridden by the user's configuration file, ~/.ssh/config. In addition, the user can override both configuration files on the command line.
The settings in the server's /etc/ssh/sshd_config file determine which client requests are permitted by the server. For a list of server configuration settings, see the sshd_config (4) man page.
The keywords in the client configuration file are described in detail in the ssh (1) , scp (1) , sftp (1) , and ssh_config (4) man pages.
Sometimes, having different Secure Shell characteristics for different local hosts is useful. The administrator can define separate sets of parameters in the /etc/ssh/ssh_config file to be applied according to host or regular expression by grouping entries in the file by Host keyword. If the Host keyword is not used, the entries in the client configuration file apply to the local system.
Each host that needs to communicate securely with another host must have the server's public key stored in the local host's /etc/ssh/ssh_known_hosts file. Although a script could be used to update the /etc/ssh/ssh_known_hosts files, such a practice is heavily discouraged because a script opens a major security vulnerability.
Over a secure connection, such as Secure Shell, IPsec, or Kerberized ftp from a known and trusted system
At system install time
To avoid the possibility of an intruder gaining access by inserting bogus public keys into a known_hosts file, you should use a known and trusted source of the ssh_known_hosts file. The ssh_known_hosts file can be distributed during installation. Later, scripts that use the scp command can be used to copy the latest version.
SunSSH supports login environment variables from the /etc/default/login entries for unset keyword values and uses the environment variables that users set in their login shell. OpenSSH can use only the PATH variable from a user's login shell.
In SunSSH, when the following keywords are not set in the sshd_config file, they obtain their value from equivalent entries in the /etc/default/login file. In the sshd_config file, you can modify values for the keywords pertaining to logins in the following table.
To see a full list of optional values for these keywords, see the sshd_config(4) man page.