• Linux中Sshd服务配置文件优化版本(/etc/ssh/sshd_config)


    Linux中Sshd服务配置文件优化版本(/etc/ssh/sshd_config)

    #	$OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
    
    # If you want to change the port on a SELinux system, you have to tell
    # SELinux about this change.
    # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER#
    Port 12525
    
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    
    # The default requires explicit activation of protocol 1
    Protocol 2
    
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 1024
    
    # Ciphers and keying
    #RekeyLimit default none
    
    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    SyslogFacility AUTHPRIV
    #LogLevel INFO
    
    # Authentication:
    LoginGraceTime 2m
    PermitRootLogin no
    StrictModes yes
    MaxAuthTries 3
    MaxSessions 5
    
    #RSAAuthentication yes
    #PubkeyAuthentication yes
    
    # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
    # but this is overridden so installations will only check .ssh/authorized_keys
    AuthorizedKeysFile	.ssh/authorized_keys
    
    #AuthorizedPrincipalsFile none
    
    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandUser nobody
    
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    
    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication yes
    #PermitEmptyPasswords no
    PasswordAuthentication yes
    
    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    ChallengeResponseAuthentication no
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    #KerberosUseKuserok yes
    
    # GSSAPI options
    GSSAPIAuthentication yes
    GSSAPICleanupCredentials no
    #GSSAPIStrictAcceptorCheck yes
    #GSSAPIKeyExchange no
    #GSSAPIEnablek5users no
    UsePAM yes
    
    #AllowAgentForwarding yes
    AllowTcpForwarding yes
    #GatewayPorts no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PermitTTY yes
    PrintMotd yes
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no
    UsePrivilegeSeparation sandbox
    #PermitUserEnvironment no
    Compression yes
    ClientAliveInterval 25
    ClientAliveCountMax 3
    #ShowPatchLevel no
    UseDNS no
    #PidFile /var/run/sshd.pid
    MaxStartups 5
    #PermitTunnel no
    #ChrootDirectory none
    #VersionAddendum none
    
    # no default banner path
    #Banner none
    
    # Accept locale-related environment variables
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    AcceptEnv XMODIFIERS
    
    # override default of no subsystems
    Subsystem	sftp	/usr/libexec/openssh/sftp-server
    
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    #	X11Forwarding no
    #	AllowTcpForwarding no
    #	PermitTTY no
    #	ForceCommand cvs server
    
    AllowUsers www ops admin
    
  • 相关阅读:
    初涉echarts图表笔记。
    es6----数组去重(简单类型和引用类型)
    git pull 拉取更新失败解决方案
    javascript----是否下拉到页面底部
    构造函数和析构函数
    派生类和基类
    C++11新标准
    类型转换
    编码
    牛牛的背包问题
  • 原文地址:https://www.cnblogs.com/Serverlessops/p/12368657.html
Copyright © 2020-2023  润新知