TheSSHServerBasics·Chapter7 159 ServerOptions After successfully compiling the OpenSSH (sshd) daemon, it is possible to determine some aspects of its behavior by acting on specific options. OpenSSH allows specifying options at two different levels: Within the configuration file Via the command line when invoking the daemon It is important to notice how the selectable options depend upon the choices made at compile time (compile-time flags); if an option whose support was omitted at compile time is specified, it will not be effective. In the first case, by acting on the configuration file existing in /etc/ssh/sshd_config, it is possible to declare a series of options, each on separate lines, specified through the keyword value pair; if the value string contains spaces, it must be enclosed in double quotes (""). When the sshd daemon processes the configuration file, blank lines and the lines starting with # are considered as comments. The configuration file content is processed by the daemon when started or when it receives a hangup signal (posix's SIGHUP); thus, it is possible to force the daemon to reread the content of its configuration file without ending the process and the active connections. In the configuration file, there can be other two keywords worthy of attention: subsystem and match. With the subsystem keyword, it is possible to configure an external module; by default, no subsystem is enabled. The typical example of a subsystem used to enable