OpenSSH

• dropbear
• libressl
• monit
• openssl
• SSH

• ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
• http://cmrg.fifthhorseman.net/wiki/OpenSSH
• https://dev.gentoo.org/~swift/docs/security_benchmarks/openssh.html
• Match support in SSHD

OpenSSH requires that users be in the ssh-users group to login.

A public key is recommended, but not required.

# A barebones sshd_config
PermitRootLogin no
PasswordAuthentication no
UsePAM no
PrintMotd no
PrintLastLog no
Subsystem       sftp    /usr/lib64/misc/sftp-server
AllowGroups ssh-users

Don't hash known_hosts so that bash completion will work. Add to ~/.ssh/config:

HashKnownHosts no

Decide which public key to use. Also see this.

IdentityFile ~/.ssh/id_rsa

SSHD must be enabled in System Preferences > Sharing with service Remote Login enabled. A firewall rule must allow access on port 22 as well, which can be setup in System Preferences > Security > Firewall > Advanced with the following configuration:

• Block all incoming connections (unchecked)
• Remote Login (SSH) - Allow incoming connections

The config file for OS X for SSHD is located at /etc/sshd_config

Add these lines to the config file:

PermitRootLogin no
PasswordAuthentication no
UsePAM no
AllowUsers <user-name>

Then restart the SSH server manually from Terminal:

launchctl stop com.openssh.sshd
launchctl start com.openssh.sshd

Use the local copy of OpenSSL:

./configure --with-ssl-dir=/usr/local

If looking for ssh-copy-id, it will be in the contrib directory.