注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

HelloWorld

echo "Hello world !"

 
 
 

日志

 
 

sshd_config  

2006-01-10 17:25:43|  分类: 编程与技术 |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |

#       $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $
#       $FreeBSD: src/crypto/openssh/sshd_config,v 1.42.2.1 2005/09/11 16:50:35 des Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20050903

Port 22
Protocol 2
AddressFamily any
ListenAddress 172.16.8.95
#ListenAddress ::

#HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
#HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
PasswordAuthentication yes
PermitEmptyPasswords yes
UseDNS no

# Change to no to disable PAM authentication
ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server


====================================================================
中文解释:


#服务器端配置  /etc/ssh/sshd_config
#只考虑协议版本2

#全局配置
VersionAddendum TecZm-20050505      #在telnet ip 22时只能看出openssh的版本,看不出OS
Protocol 2        #使用协议版本2 
Port 22            #sshd监听22端口
ListenAddress 192.168.7.1          #sshd只监听目标ip为192.168.7.1的请求
AllowGroups    wheel myguest        #允许wheel组和myguest组的用户登录
AllowUsers  teczm authen@192.168.8.5  #允许来自以上组的teczm用户和authen用户登录,
                                      #且authen用户只能从主机192.168.8.5登录
#DenyGroups            #拒绝登录的组,参数设置和AllowGroups一样
#DenyUsers            #拒绝登录的用户,参数设置和AllowUsers一样
#AllowTcpForwarding yes              #是否转发的TCP包都被允许。默认是 ``yes''。
LoginGraceTime 60                    #60秒内客户端不能登录即登录超时,sshd切断连接。
KeyRegenerationInterval  1800        #1800秒(30分钟)后自动重新生成服务器的密匙。
MaxStartups 3               #设置同时发生的未验证的并发量,即同时可以有几个
UseDNS no                            #不使用DNS查询客户端。
PermitRootLogin no                    #不允许root登录,root可由wheel组用户登录后su。
X11Forwarding no                #禁止用户运行远程主机上的X程序,我没有X,所以无所谓。
UseLogin yes                    #禁止X11Forwarding

#认证配置(口令认证、PAM认证、非对称密钥认证任选其一)

#口令认证
PubkeyAuthentication  no      #不使用非对称密钥认证
PasswordAuthentication yes    #使用口令认证
PermitEmptyPasswords no        #不允许使用空密码的用户登录


#非对称密钥认证
PasswordAuthentication no                #不使用口令认证
PubkeyAuthentication  yes                #使用非对称密钥认证
UsePam              no                    #yes的话非对称密钥验证失败,仍然可用口令登录
AuthorizedKeysFile  .ssh/authorized_keys      #用户认证使用的公钥。

Subsystem  sftp  /usr/libexec/sftp-server 

  评论这张
 
阅读(25)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017