Use the ssh man page as a starting point for sshd_config

February 20th, 2008 | by Tony Steidler-Dennison

(Via Mac OS X Hints.)

Having lost part of a Sunday getting a hardened SSH to work between my various machines, it was a pleasure to recover by writing a Python script to create an /etc/sshd_config file I could actually read. Here’s the script, which I’ve named sshd_config.py, to transform /etc/sshd_config into a more literate form, based on the man page for sshd_config.

To harden SSH on OS X, one modifies /etc/sshd_config. The web abounds with advice on what options to set, some of which are now deprecated. For others, the man page and Apple’s /etc/sshd_config disagree on which is the default value. In these cases, /etc/sshd_config appears to be correct, but one cannot be sure.

This script creates a commented copy of the man page for sshd_config, and modifies it by inserting default values from /etc/sshd_confi …
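The disagreement between man-page defaults and the shipped file can be checked mechanically. The following is an added example, not the sshd_config.py script the post refers to: it assumes defaults appear in the file as `#Keyword value` lines, and both the sample file and the `MAN_DEFAULTS` table are constructed for illustration.

```python
import re

# Constructed sample in the style of a shipped sshd_config: "#Keyword value"
# lines document a default, uncommented lines are explicit settings.
SAMPLE_CONFIG = """\
# This is the sshd server system-wide configuration file.
#Port 22
#Protocol 2
#PermitRootLogin yes
PasswordAuthentication no
#X11Forwarding no
# Example of overriding settings on a per-user basis
"""

# Constructed stand-in for defaults taken from the man page (illustrative values).
MAN_DEFAULTS = {
    "Port": "22", "Protocol": "2,1", "PermitRootLogin": "yes",
    "PasswordAuthentication": "yes", "X11Forwarding": "no", "MaxAuthTries": "6",
}

# "#Keyword value" or "Keyword value"; prose comments ("# text") do not match.
LINE = re.compile(r"^(#?)([A-Za-z][A-Za-z0-9]*)\s+(.+?)\s*$")

def parse_config(text):
    """Return (explicit, commented) dicts keyed by lower-cased keyword."""
    explicit, commented = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            hashed, key, value = m.groups()
            # sshd keywords are case-insensitive and the first value wins.
            (commented if hashed else explicit).setdefault(key.lower(), value)
    return explicit, commented

def compare(text, man_defaults):
    """Classify each man-page keyword against what the config file says."""
    explicit, commented = parse_config(text)
    report = {}
    for key, man_value in man_defaults.items():
        k = key.lower()
        if k in explicit:
            report[key] = ("set", explicit[k], man_value)
        elif k not in commented:
            report[key] = ("man-only", None, man_value)
        elif commented[k] == man_value:
            report[key] = ("agree", commented[k], man_value)
        else:
            report[key] = ("conflict", commented[k], man_value)
    return report

if __name__ == "__main__":
    for key, (status, file_value, man_value) in compare(SAMPLE_CONFIG, MAN_DEFAULTS).items():
        print(f"{key:24} {status:9} file={file_value!r} man={man_value!r}")
```

Keywords reported as `conflict` or `man-only` are the ones worth setting explicitly when hardening, so the effective value no longer depends on which source is right.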
