ssh_config
# Host * (只对能够匹配后面字串的计算机有效。“*”表示所有的计算机)
# ForwardAgent no (设置连接是否经过验证代理(如果存在)转发给远程计算机)
# ForwardX11 no (设置X11连接是否被自动重定向到安全的通道和显示集)
# RhostsRSAAuthentication no (设置是否使用用RSA算法的基于rhosts的安全验证)
# RSAAuthentication yes (设置是否使用RSA算法进行安全验证)
# PasswordAuthentication yes (设置是否使用口令验证)
# HostbasedAuthentication no (若设置为yes,则尝试着进行rhosts身份验证。对于安全要求更高的系统,请将其设置为no(默认值))
# GSSAPIAuthentication no (ssh的会话直到DNS请求超时才会继续下去,建意no)
# GSSAPIDelegateCredentials no (ssh的会话直到DNS请求超时才会继续下去,建意no)
# BatchMode no (如果设为“yes”,passphrase/password(交互式输入口令)的提示将被禁止。
当不能交互式输入口令的时候,这个选项对脚本文件和批处理任务十分有用)
# CheckHostIP yes (设置ssh是否查看连接到服务器的主机的IP地址以防止DNS欺骗。建议设置为“yes”)
# AddressFamily any (设置允许的地址)
# ConnectTimeout 0 (连接超时)
# StrictHostKeyChecking ask (如果设置成“yes”,ssh就不会自动把计算机的密匙加入“$HOME/.ssh)
# IdentityFile ~/.ssh/identity (设置从哪个文件读取用户的RSA安全验证标识)
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22 (设置连接到远程主机的端口)
# Protocol 2,1 (设置协议版本,建意用2)
# Cipher 3des (设置加密用的密码)
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~ (设置escape字符)
# Tunnel no (隧道模式)
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
=======================================================
sshd_config
#Port 22 (设置sshd监听的端口号)
#AddressFamily any
#ListenAddress 0.0.0.0 (设置sshd服务器绑定的IP地址)
#ListenAddress ::Protocol 2 (设置协议版本)
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key (设置包含计算机私人密匙的文件)
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h (KeyRegenerationInterval 3600)
#ServerKeyBits 1024 (定义服务器密匙的位数)# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH (设置在记录来自sshd的消息的时候,是否给出“facility code”)
SyslogFacility AUTHPRIV
#LogLevel INFO (设置记录sshd日志消息的层次。INFO是一个好的选择。查看sshd的man帮
助页,已获取更多的信息)# Authentication:
#LoginGraceTime 2m (设置如果用户不能成功登录,在切断连接之前服务器需要等待的时间)
#PermitRootLogin yes (设置root能不能用ssh登录。这个选项一定不要设成“yes”)
#StrictModes yes (设置ssh在接收登录请求之前是否检查用户家目录和rhosts文件的权限和所
有权。这通常是必要的,因为新手经常会把自己的目录和文件设成任何人都有写权限)
#MaxAuthTries 6 (限制登陆密码输错次数)
#MaxSessions 10#RSAAuthentication yes (设置是否允许用rhosts或“/etc/hosts.equiv”加上RSA进行安全验证)
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no (设置是否允许用rhosts或“/etc/hosts.equiv”加上RSA进行安全验证)
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no (设置ssh daemon是否在进行RhostsRSAAuthentication安全验证
的时候忽略用户的“$HOME/.ssh/known_hosts)
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes (设置验证的时候是否使用“rhosts”和“shosts”文件)# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes (设置是否允许口令验证)
#PermitEmptyPasswords no (设置是否允许用口令为空的帐号登录)
PasswordAuthentication yes# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no (设置是否允许X11转发)
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes (设置sshd是否在用户登录的时候显示“/etc/motd”中的信息)
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10 (同时登录的用户的个数)
#PermitTunnel no
#ChrootDirectory none (ChrootDirectory /home/%u改变登陆者的目录)# no default banner path
#Banner none# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server