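Common Linux services: SSH and SSH public key authentication
I. Installing SSH (Secure Shell)
SSH is installed by default. The package is named openssh, and it can be installed as follows: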
[root@localhost logs]# yum install openssh
………………………………
Downloading Packages:
(1/4): openssh-5.3p1-84.1.el6.x86 | 236 kB 00:00
(2/4): openssh-askpass-5.3p1-84.1 | 53 kB 00:00
(3/4): openssh-clients-5.3p1-84.1 | 355 kB 00:00
(4/4): openssh-server-5.3p1-84.1. | 299 kB 00:00
……………………
II. SSH-related files in detail
1. /etc/ssh/sshd_config: the main configuration file of the SSH service; essentially all SSH-related settings are here
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22 ----- the default sshd port is 22; for security, changing it to another port is recommended
#AddressFamily any
ListenAddress 192.168.1.1 ------------- the host to listen on; only listens for SSH connections from 192.168.1.1
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2 ---------------- the SSH protocol version, here 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h ----------- re-establishes the connection once every hour; not enabled here
#ServerKeyBits 1024 ----------- length of the server key
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV ------------ when someone logs in to the system over SSH, SSH records the information (/var/log/secure)
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
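#PermitRootLogin yes ----------- whether root login is allowed; allowed by default, setting it to no is recommended
#StrictModes yes ------------- when the user's host key has changed, the server refuses the connection
#MaxAuthTries 6 -------------- root may attempt to connect at most 6 times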
#MaxSessions 10
#RSAAuthentication yes ------------- whether to use RSA authentication; version 1 only
#PubkeyAuthentication yes ------------ whether public key authentication is allowed; version 2 only
#AuthorizedKeysFile .ssh/authorized_keys ------- the authentication file
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no --------- whether to use rhosts-only authentication; for security, be sure to set it to no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no -------------- whether to ignore the users in ~/.shosts files
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentica