[root@nn1 ~]# vim /etc/ssh/sshd_config
Ciphers and keying
RekeyLimit default none
Logging
SyslogFacility AUTH
Authentication:
LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
MaxAuthTries 6
MaxSessions 10
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
AuthorizedPrincipalsFile none
AuthorizedKeysCommand none
AuthorizedKeysCommandUser nobody
HostbasedAuthentication no
Change to yes if you don't trust ~/.ssh/known_hosts for
HostbasedAuthentication
IgnoreUserKnownHosts no
Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication yes
Change to no to disable s/key passwords
ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
KerberosAuthentication no
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
KerberosGetAFSToken no
KerberosUseKuserok yes
GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
GSSAPIStrictAcceptorCheck yes
GSSAPIKeyExchange no
GSSAPIEnablek5users no
Set this to 'yes' to enable PAM authentication, account processing,
and session processing. If this is enabled, PAM authentication will
be allowed through the ChallengeResponseAuthentication and
PasswordAuthentication. Depending on your PAM configuration,
PAM authentication via ChallengeResponseAuthentication may bypass
the setting of "PermitRootLogin without-password".
If you just want the PAM account and session checks to run without
PAM authentication, then enable this but set PasswordAuthentication
and ChallengeResponseAuthentication to 'no'.
problems.
UsePAM yes
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts no
X11Forwarding yes
PermitTTY yes
PrintMotd yes
PrintLastLog yes
TCPKeepAlive yes
UseLogin no
UsePrivilegeSeparation sandbox
PermitUserEnvironment no
Compression delayed
ClientAliveInterval 0
ClientAliveCountMax 3
ShowPatchLevel no
UseDNS yes
PidFile /var/run/sshd.pid
LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
MaxAuthTries 6
MaxSessions 10
PubkeyAuthentication yes
Authentication:
LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
MaxAuthTries 6
MaxSessions 10
PubkeyAuthentication yes
The default is to check both .ssh/authorized_keys and .ssh/authorize
d_keys2
but this is overridden so installations will only check .ssh/authori
zed_keys
AuthorizedKeysFile .ssh/authorized_keys
AuthorizedPrincipalsFile none
AuthorizedKeysCommand none
AuthorizedKeysCommandUser nobody
For this to work you will also need host keys in /etc/ssh/sshknown
hosts
HostbasedAuthentication no
已查找到文件开头,再从结尾继续查找
LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
MaxAuthTries 6
MaxSessions 10
PubkeyAuthentication yes
The default is to check both .ssh/authorized_keys and .ssh/authorize
d_keys2
but this is overridden so installations will only check .ssh/authori
zed_keys
AuthorizedKeysFile .ssh/authorized_keys
AuthorizedPrincipalsFile none
AuthorizedKeysCommand none
AuthorizedKeysCommandUser nobody
For this to work you will also need host keys in /etc/ssh/sshknown
hosts
HostbasedAuthentication no
Change to yes if you don't trust ~/.ssh/known_hosts for
这是我的sshd_config配置
