Chapter 4 Configuring Tectia Server

Table of Contents

Tectia Server Configuration Tool
Tectia Server
Proxy Rules
Domain Policy
Password Cache
Certificate Validation
Defining Access Rules Using Selectors (Advanced Mode)
Connections and Encryption
Configuration File for Tectia Server
Dividing the Configuration into Several Files
Using Selectors in Configuration File

Tectia Server uses an XML-based configuration file ssh-server-config.xml that allows flexible implementation of real-life enterprise security policies.

The configuration file can be used to define settings with values that are different from the factory-set default values. When the configuration file has been created, the values of elements included in the file will override the default values of those elements. Any elements not included in the configuration file will use the hard-coded default values.

You can view the default values in the ssh-server-config-default.xml file that is stored in /etc/ssh2/ on Unix and in <INSTALLDIR>\SSH Tectia Server\ on Windows. The default configuration file is not read by Tectia Server, but it shows the hard-coded system defaults.

Tectia Server also includes an example file ssh-server-config-example.xml that contains a useful example configuration with explanations of the options. The example file is located in the same directory as the default configuration file.

On Windows, you can use the Tectia Server Configuration tool to edit the configuration (see Tectia Server Configuration Tool). The ssh-server-config.xml configuration file can also be edited with an XML editor or ASCII text editor directly in XML format (see Configuration File for Tectia Server).

After editing the configuration file, in most cases it is enough to reconfigure the server, but changing the listener ports or the FIPS-mode settings requires restarting the server. On Windows, reconfiguration happens when you click Apply or OK. On Unix, to make Tectia Server re-read its configuration, you can use the ssh-server-ctl(8) command. For instructions on restarting the server, see Starting and Stopping the Server.
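The following added example (not part of the product documentation) compares two revisions of ssh-server-config.xml and reports whether the edit needs a restart or only a reconfiguration, following the rule above. The element and attribute names (secsh-server, params, listener, crypto-lib) are assumptions about the configuration schema that this page does not show, example-setting is a hypothetical element, and the sample files are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration. Element and attribute names are assumed
# from the ssh-server-config.xml schema; they are not given on this page.
OLD = """<secsh-server>
  <params>
    <crypto-lib mode="standard"/>
    <listener id="default" port="22"/>
  </params>
</secsh-server>"""

NEW_PORT = OLD.replace('port="22"', 'port="2222"')       # listener port changed
NEW_FIPS = OLD.replace('mode="standard"', 'mode="fips"')  # FIPS mode changed
# "example-setting" is a hypothetical element standing in for any other option.
NEW_OTHER = OLD.replace("</params>", '<example-setting value="1"/></params>')


def restart_sensitive(xml_text):
    """Extract the settings whose change requires a restart:
    the listener definitions and the cryptographic library (FIPS) mode."""
    root = ET.fromstring(xml_text)
    listeners = frozenset(
        (el.get("id"), el.get("address"), el.get("port"))
        for el in root.iter("listener")
    )
    crypto = root.find(".//crypto-lib")
    # An absent element is kept as None, so adding an explicit value that
    # equals the hard-coded default is conservatively reported as "restart".
    mode = crypto.get("mode") if crypto is not None else None
    return listeners, mode


def action_needed(old_xml, new_xml):
    """Return 'none', 'reconfigure' or 'restart' for an edit old -> new."""
    # Canonical form ignores indentation and attribute order.
    if (ET.canonicalize(old_xml, strip_text=True)
            == ET.canonicalize(new_xml, strip_text=True)):
        return "none"
    if restart_sensitive(old_xml) != restart_sensitive(new_xml):
        return "restart"
    return "reconfigure"


if __name__ == "__main__":
    for name, new in [("port", NEW_PORT), ("fips", NEW_FIPS), ("other", NEW_OTHER)]:
        print(name, "->", action_needed(OLD, new))
```

Run against the deployed file and the edited copy before applying a change, so that a listener or FIPS-mode edit is not assumed to be live after a reconfigure alone.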