SSH is configured via the /etc/ssh/sshd_config file. The file as installed in the OpenSSH package looks something like the following:
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
# Use these options to restrict which interfaces/protocols sshd will bind to
# HostKeys for protocol version 2
#Privilege Separation is turned on for security
# Lifetime and size of ephemeral version 1 server key
# Don't read the user's ~/.rhosts and ~/.shosts files
# For this to work you will also need host keys in /etc/ssh_known_hosts
# similar for protocol version 2
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
# To enable empty passwords, change to yes (NOT RECOMMENDED)
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
# Change to no to disable tunnelled clear text passwords
# Kerberos options
# GSSAPI options
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
This default setup is good to go for most users.
By default, OpenSSH is configured to run on the standard SSH port: 22. If you want to increase your security, so that people or scripts cannot guess the port to connect to, you can change this (by altering the Port directive in sshd_config) to a different port that is not already in use.
You can find out which ports are already assigned to other services by looking (or using grep) through the /etc/services file:
$ grep "22/tcp" /etc/services
ssh 22/tcp # SSH Remote Login Protocol
xmpp-client 5222/tcp jabber-client # Jabber Client Connection
bpjava-msvc 13722/tcp # BP Java MSVC Protocol
$ grep "501/tcp" /etc/services
If you do change the SSH port, you'll need to remember to specify the new port (using the -p option) when you try to connect to your server. For example, if you configure your SSH daemon to listen on port 501, any client connecting would need to use the following syntax:
$ ssh localhost -p 501
If you have problems connecting after changing the port, check that the port used by SSH is not blocked by your firewall rules.
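The grep lookup above matches substrings, which is why searching for "22/tcp" also returned 5222/tcp and 13722/tcp. The following shell sketch is an added example, not part of the original page or the OpenSSH package: it compares the port field exactly and reads the Port value from an sshd_config-format file. The function names, the SERVICES_FILE variable and the sample sshd_config lines are assumptions.

```shell
#!/bin/sh
# Added example. SERVICES_FILE and all function names are assumptions.
SERVICES_FILE="${SERVICES_FILE:-/etc/services}"

# Print the service name registered for PORT/PROTO (default tcp).
# Field 2 is compared whole, so 22/tcp does not match 5222/tcp.
services_for_port() {
    awk -v want="$1/${2:-tcp}" '
        { sub(/#.*/, "") }            # strip trailing comments
        $2 == want { print $1 }
    ' "$SERVICES_FILE"
}

# 0: PORT has no tcp entry; 1: PORT is assigned; 2: PORT is not 1-65535.
port_is_unassigned() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 2
    [ -z "$(services_for_port "$1" tcp)" ]
}

# Print the Port values set in an sshd_config-format file. Commented
# lines are skipped; with no Port line, print sshd's default of 22.
configured_ports() {
    awk '
        tolower($1) == "port" { print $2; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

# Demo on constructed files; the services lines are the grep output above.
demo() (
    dir=$(mktemp -d) || exit 1
    printf '%s\n' \
        'ssh 22/tcp # SSH Remote Login Protocol' \
        'xmpp-client 5222/tcp jabber-client # Jabber Client Connection' \
        'bpjava-msvc 13722/tcp # BP Java MSVC Protocol' > "$dir/services"
    printf '%s\n' '#Port 22' 'Port 501' > "$dir/sshd_config"   # constructed
    SERVICES_FILE="$dir/services"
    echo "22/tcp is: $(services_for_port 22)"
    port_is_unassigned 501 && echo "501/tcp has no entry"
    echo "sshd_config sets: $(configured_ports "$dir/sshd_config")"
    rm -rf "$dir"
)
demo
```

A port with no entry in the services file can still have a process listening on it, so this check covers assignment only.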