SSH Tectia  
Previous Next Up [Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server >>
    Getting Started >>
    Configuration >>
        SSH Tectia Server Configuration Tool >>
            SSH Tectia Server
            General
            Network
            Encryption
            Identity
            Tunneling
            User Authentication
            Password
            Public Key
            Certificates
            CRL Caching
            RSA SecurID
            GSSAPI
            RADIUS
            Host Restrictions
            User Restrictions
            SFTP Server
            Power Users
            License
        Configuration Files >>
        Subconfigurations >>
        Auditing
    Authentication >>
    Application Tunneling >>
    Troubleshooting >>
    Configuration File Reference >>
    Command-Line Tools >>
    Log Messages >>

Network

The Network page of the SSH Tectia Server Configuration tool allows you to specify the basic network settings to be used.


server-network-4.gif
Figure : The network settings

  • Port

    Specify the port number that the server listens on (allowed values are 1 - 65535). The server has to be restarted in order to use the changed setting. The default port is 22.

  • Listen address

    Specify the IP address of the network interface card where the Secure Shell server socket is bound. The server has to be restarted in order to use the changed setting.

  • Require reverse DNS mapping

    This option is used to check whether the hostname DNS lookup must succeed when checking if connections from hosts are allowed using the Allow login from hosts and Deny login from hosts options. For more information on these two options, see Section Host Restrictions.

    The possible options are the following:

    • Yes: Reverse DNS mapping is required.
    • No: Reverse DNS mapping is not required.
    • No, but try: Reverse DNS mapping is not required, but the system attempts to use it. This is the default value.

    If reverse DNS mapping is used and the name lookup fails, the connection is denied. When this option is not used and the name lookup fails, the remote host's IP address is used to check whether it is allowed to connect. This is probably not what you want if you have specified only hostnames (not IP addresses) with the Allow/Deny login from hosts settings.

  • TCP no delay

    Specify this option to enable the socket option TCP_NODELAY. By default, this option is on.

  • TCP keep alive

    Specify whether the system should send keepalive messages to the other side. If they are sent, loss of connection or crash of one of the machines will be properly noticed. However, this means that connections will die if the route is down temporarily, which in some situations can be annoying. On the other hand, if keepalive messages are not sent, sessions may hang indefinitely on the server, leaving "ghost" users and consuming server resources.

    The default value is to send keepalive messages, which means that the server will notice if the network fails or the client host reboots. This helps to avoid infinitely hanging sessions.

    To disable keepalive messages, the option should be disabled in both the server and the client configuration.

Previous Next Up [Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2010 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice