SSH configuration
SSH is the main service of ContainerSSH. It has the following configuration structure:
ssh:
<options>
The options are as follows:
Name | Type | Description |
---|---|---|
listen | string | IP and port pair to bind the SSH service to. Defaults to 0.0.0.0:2222. |
serverVersion | string | Server version string presented to any connecting client. Must start with SSH-2.0-. Defaults to SSH-2.0-ContainerSSH. |
ciphers | []string | List of ciphers the server should support. See the Ciphers section below. |
kex | []string | List of key exchange algorithms the server should support. See the Key exchange section below. |
macs | []string | List of MAC algorithms the server should support. See the MAC section below. |
banner | string | The banner text presented to any connecting client. |
hostkeys | []string | List of host keys in PEM format, or file names to read the key from. Generate with openssl genrsa. |
clientAliveInterval | time.Duration (string) | Time interval between keepAlive messages ContainerSSH sends to the client. Defaults to 0, disabled. Example value: 30s |
clientAliveCountMax | int | Number of missed keepAlive messages before a client is considered disconnected and the connection is closed. |
Configuring the server version
The SSH server version is presented to any connecting client in plain text upon connection. It has the following format:
SSH-2.0-softwareversion <SP> comments
The softwareversion can only contain printable US-ASCII characters without whitespace and minus (-) signs. The comments field is optional and is separated from the softwareversion with a single space. The maximum length of the version string is 255 characters.
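The rules above can be checked before a serverVersion value is deployed. The following Go function is an added example, not ContainerSSH's own code; validateServerVersion is a hypothetical name, and rejecting an empty comments field and control characters in comments are assumptions that go beyond what this page states.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// validateServerVersion checks a candidate serverVersion value against the
// rules described above. Hypothetical helper, not part of ContainerSSH.
func validateServerVersion(v string) error {
	const prefix = "SSH-2.0-"
	if len(v) > 255 {
		return errors.New("version string is longer than 255 characters")
	}
	if !strings.HasPrefix(v, prefix) {
		return errors.New("version string must start with " + prefix)
	}
	// The first space ends softwareversion; everything after it is comments.
	software, comments, hasComments := strings.Cut(v[len(prefix):], " ")
	if software == "" {
		return errors.New("softwareversion is empty")
	}
	for _, c := range []byte(software) {
		// Printable US-ASCII without whitespace is 0x21..0x7E; minus is excluded.
		if c < 0x21 || c > 0x7e || c == '-' {
			return fmt.Errorf("invalid byte %q in softwareversion", c)
		}
	}
	if hasComments && comments == "" {
		return errors.New("space present but comments field is empty") // assumption
	}
	for _, c := range []byte(comments) {
		// Assumption: comments stay printable so the line cannot be split by CR/LF.
		if c < 0x20 || c > 0x7e {
			return fmt.Errorf("invalid byte %q in comments", c)
		}
	}
	return nil
}

func main() {
	// Constructed sample values: two valid, two invalid.
	for _, v := range []string{"SSH-2.0-ContainerSSH", "SSH-2.0-Gateway edge01", "SSH-2.0-My-Server", "SSH-1.99-Old"} {
		fmt.Printf("%-26q %v\n", v, validateServerVersion(v))
	}
}
```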
Configuring a banner
SSH offers the ability to output a message to the clients before they enter passwords. This can be configured in the banner option. The banner can contain multiple lines.
Ciphers
ContainerSSH supports the following ciphers. The defaults are configured based on the Mozilla Modern suite.
Algorithm | Default |
---|---|
chacha20-poly1305@openssh.com | |
aes256-gcm@openssh.com | |
aes128-gcm@openssh.com | |
aes256-ctr | |
aes192-ctr | |
aes128-ctr | |
aes128-cbc | |
arcfour256 | |
arcfour128 | |
arcfour | |
tripledescbcID |
Key exchange
ContainerSSH supports the following key exchange algorithms. The defaults are configured based on the Mozilla Modern suite.
Algorithm | Default |
---|---|
curve25519-sha256@libssh.org | |
ecdh-sha2-nistp521 | |
ecdh-sha2-nistp384 | |
ecdh-sha2-nistp256 | |
diffie-hellman-group14-sha1 | |
diffie-hellman-group1-sha1 |
MAC
ContainerSSH supports the following MAC algorithms. The defaults are configured based on the Mozilla Modern suite.
Algorithm | Default |
---|---|
hmac-sha2-256-etm@openssh.com | |
hmac-sha2-256 | |
hmac-sha1 | |
hmac-sha1-96 |