
sshd_config explained in full

1
Posted 2006-08-19 20:24
About the sshd_config configuration file. My system is Red Hat AS4, location: /etc/ssh/sshd_config. I am posting my own configuration file here; if it is of no use to you, there is no need to bump the thread...
          # This is ssh server systemwide configuration file.

          Port 22
          HostKey /etc/ssh/ssh_host_key
          ServerKeyBits 1024
          LoginGraceTime 600
          KeyRegenerationInterval 3600
          PermitRootLogin no
          IgnoreRhosts yes
          IgnoreUserKnownHosts yes
          StrictModes yes
          X11Forwarding no
          PrintMotd yes
          SyslogFacility AUTH
          LogLevel INFO
          RhostsAuthentication no
          RhostsRSAAuthentication no
          RSAAuthentication yes
          PasswordAuthentication yes
          PermitEmptyPasswords no
          AllowUsers admin


Port 22


HostKey /etc/ssh/ssh_host_key

    The option HostKey specifies the location containing the private host key.
ServerKeyBits 1024

    The option ServerKeyBits specifies how many bits to use in the server key. These bits are used when the daemon starts to generate its RSA key.
LoginGraceTime 600

    The option LoginGraceTime specifies how long in seconds after a connection request the server will wait before disconnecting if the user has not successfully logged in.
KeyRegenerationInterval 3600

    The option KeyRegenerationInterval specifies how long in seconds the server should wait before automatically regenerating its key. This is a security feature to prevent decrypting captured sessions.
PermitRootLogin no

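    The option PermitRootLogin specifies whether root can log in using ssh. Never say yes to this option. This one is fairly important: whether to allow root to log in remotely is something each person decides according to their own needs. Generally it is left disabled, since remote login over ssh is still rather scary.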
IgnoreRhosts yes

    The option IgnoreRhosts specifies whether rhosts or shosts files should not be used in authentication. For security reasons it is recommended not to use rhosts or shosts files for authentication.
IgnoreUserKnownHosts yes

    The option IgnoreUserKnownHosts specifies whether the ssh daemon should ignore the user's $HOME/.ssh/known_hosts during RhostsRSAAuthentication.
StrictModes yes

    The option StrictModes specifies whether ssh should check user's permissions in their home directory and rhosts files before accepting login. This option must always be set to yes because sometimes users may accidentally leave their directory or files world-writable.
X11Forwarding no

    The option X11Forwarding specifies whether X11 forwarding should be enabled or not on this server. Since we set up a server without a GUI installed on it, we can safely turn this option off.
PrintMotd yes

    The option PrintMotd specifies whether the ssh daemon should print the contents of the /etc/motd file when a user logs in interactively. The /etc/motd file is also known as the message of the day.
SyslogFacility AUTH

    The option SyslogFacility specifies the facility code used when logging messages from sshd. The facility specifies the subsystem that produced the message--in our case, AUTH.
LogLevel INFO

    The option LogLevel specifies the level that is used when logging messages from sshd. INFO is a good choice. See the man page for sshd for more information on other possibilities.
RhostsAuthentication no

    The option RhostsAuthentication specifies whether sshd can try to use rhosts based authentication. Because rhosts authentication is insecure you shouldn't use this option.
RhostsRSAAuthentication no

    The option RhostsRSAAuthentication specifies whether to try rhosts authentication in concert with RSA host authentication.
RSAAuthentication yes

    The option RSAAuthentication specifies whether to try RSA authentication. This option must be set to yes for better security in your sessions. RSA uses public and private key pairs created with the ssh-keygen1 utility for authentication purposes.
PasswordAuthentication yes

    The option PasswordAuthentication specifies whether we should use password-based authentication. For strong security, this option must always be set to yes.
PermitEmptyPasswords no

    The option PermitEmptyPasswords specifies whether the server allows logging in to accounts with a null password. If you intend to use the scp utility to make automatic backups over the network, you must set this option to yes.
AllowUsers admin
    The option AllowUsers specifies and controls which users can access ssh services. Multiple users can be specified, separated by spaces. (AllowUsers specifies where a user may log in from; if you need to restrict it, just specify it.) After making the changes, run # /etc/rc.d/sshd reload and you are done.
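
An added example, not part of the original post: a small audit of the configuration posted above, flagging the SSH protocol 1 era keywords and the settings a reviewer would look at first. `SAMPLE` reproduces the posted directives; the helper names `parse` and `audit` and the 120-second grace threshold are assumptions made for this illustration.

```python
# Added example (not the poster's code): audit the sshd_config posted above.
# SAMPLE reproduces the posted directives; the 120 s threshold is an assumption.
SAMPLE = "\n".join([
    "# This is ssh server systemwide configuration file.",
    "Port 22", "HostKey /etc/ssh/ssh_host_key", "ServerKeyBits 1024",
    "LoginGraceTime 600", "KeyRegenerationInterval 3600", "PermitRootLogin no",
    "IgnoreRhosts yes", "IgnoreUserKnownHosts yes", "StrictModes yes",
    "X11Forwarding no", "PrintMotd yes", "SyslogFacility AUTH", "LogLevel INFO",
    "RhostsAuthentication no", "RhostsRSAAuthentication no",
    "RSAAuthentication yes", "PasswordAuthentication yes",
    "PermitEmptyPasswords no", "AllowUsers admin",
])

# SSH protocol 1 era keywords that current OpenSSH releases no longer implement.
LEGACY_V1 = {"serverkeybits", "keyregenerationinterval", "rhostsauthentication",
             "rhostsrsaauthentication", "rsaauthentication"}

def parse(text):
    """Map lowercase keyword -> value, keeping the first occurrence of each keyword."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines carry no directive
        parts = line.split(None, 1)
        cfg.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return cfg

def audit(cfg, max_grace=120):
    """Return a list of (keyword, finding) pairs for settings worth reviewing."""
    out = [(k, "legacy SSH protocol 1 option") for k in sorted(cfg) if k in LEGACY_V1]
    if cfg.get("permitrootlogin", "").lower() == "yes":
        out.append(("permitrootlogin", "direct root login over the network"))
    if cfg.get("permitemptypasswords", "").lower() == "yes":
        out.append(("permitemptypasswords", "accounts with no password can log in"))
    if cfg.get("passwordauthentication", "yes").lower() == "yes":
        out.append(("passwordauthentication", "password guessing is possible"))
    grace = cfg.get("logingracetime", "")
    if grace.isdigit() and int(grace) > max_grace:
        out.append(("logingracetime", f"unauthenticated sessions held {grace}s"))
    if not ({"allowusers", "allowgroups"} & cfg.keys()):
        out.append(("allowusers", "no account allow-list"))
    return out

if __name__ == "__main__":
    for keyword, finding in audit(parse(SAMPLE)):
        print(f"{keyword}: {finding}")
```
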

2
Posted 2006-08-19 20:59
The option AllowUsers specifies and controls which users can access ssh services. Multiple users can be specified, separated by spaces. (AllowUsers specifies where a user may log in from; if you need to restrict it, just specify it.)


3
Posted 2006-08-20 17:05
By the way, on Red Hat AS you restart ssh like this: /etc/init.d/restart

4
Posted 2006-08-20 17:06
Originally posted by aib on 2006-8-19 20:59


Yes, that is how I specify it on my Red Hat AS. I specify root@, so root can only log in as root from 192.168.0.8.

5
Posted 2006-08-20 19:37
How did the original poster set up TCP Wrappers?

6
Posted 2006-08-20 21:02
PasswordAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
