sshd
/etc/ssh/sshd_config???? 服務器端配置文件 /etc/ssh/ssh_config?????? 客戶器端配置文件 ========================================================= /etc/ssh/sshd_config ========================================================= #?$OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ # This is the sshd server system-wide configuration file.? See
# sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin # The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.? Uncommented options change a
# default value. Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
ListenAddress 192.168.2.1 開啟接受監聽的地址
#ListenAddress :: # HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
ServerKeyBits 768 # Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO # Authentication: #LoginGraceTime 2m
PermitRootLogin yes??? 開啟root用戶登陸
#StrictModes yes
#MaxAuthTries 6 #RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile?.ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords no???? 開啟禁止空密碼登陸
PasswordAuthentication yes # Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no # Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no # GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes # Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no # no default banner path
#Banner /some/path # override default of no subsystems
Subsystem?sftp?/usr/libexec/openssh/sftp-server
=============================================================== /etc/ssh/ssh_config =============================================================== #?$OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $ # This is the ssh client system-wide configuration file.? See
# ssh_config(5) for more information.? This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line. # Configuration data is parsed as follows:
#? 1. command line options
#? 2. user-specific file
#? 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end. # Site-wide defaults for some commonly used options.? For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page. # Host *
#?? ForwardAgent no
#?? ForwardX11 no
#?? RhostsRSAAuthentication no
#?? RSAAuthentication yes
#?? PasswordAuthentication yes
#?? HostbasedAuthentication no
#?? BatchMode no
#?? CheckHostIP yes
#?? AddressFamily any
#?? ConnectTimeout 0
#?? StrictHostKeyChecking ask
#?? IdentityFile ~/.ssh/identity
#?? IdentityFile ~/.ssh/id_rsa
#?? IdentityFile ~/.ssh/id_dsa
#?? Port 22
#?? Protocol 2,1
#?? Cipher 3des
#?? Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#?? EscapeChar ~
#?? Tunnel no
#?? TunnelDevice any:any
#?? PermitLocalCommand no
Host *
?GSSAPIAuthentication yes
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
?ForwardX11Trusted yes
# Send locale-related environment variables
?SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
?SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
?SendEnv LC_IDENTIFICATION LC_ALL
# sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin # The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.? Uncommented options change a
# default value. Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
ListenAddress 192.168.2.1 開啟接受監聽的地址
#ListenAddress :: # HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
ServerKeyBits 768 # Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO # Authentication: #LoginGraceTime 2m
PermitRootLogin yes??? 開啟root用戶登陸
#StrictModes yes
#MaxAuthTries 6 #RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile?.ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords no???? 開啟禁止空密碼登陸
PasswordAuthentication yes # Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no # Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no # GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes # Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no # no default banner path
#Banner /some/path # override default of no subsystems
Subsystem?sftp?/usr/libexec/openssh/sftp-server
=============================================================== /etc/ssh/ssh_config =============================================================== #?$OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $ # This is the ssh client system-wide configuration file.? See
# ssh_config(5) for more information.? This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line. # Configuration data is parsed as follows:
#? 1. command line options
#? 2. user-specific file
#? 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end. # Site-wide defaults for some commonly used options.? For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page. # Host *
#?? ForwardAgent no
#?? ForwardX11 no
#?? RhostsRSAAuthentication no
#?? RSAAuthentication yes
#?? PasswordAuthentication yes
#?? HostbasedAuthentication no
#?? BatchMode no
#?? CheckHostIP yes
#?? AddressFamily any
#?? ConnectTimeout 0
#?? StrictHostKeyChecking ask
#?? IdentityFile ~/.ssh/identity
#?? IdentityFile ~/.ssh/id_rsa
#?? IdentityFile ~/.ssh/id_dsa
#?? Port 22
#?? Protocol 2,1
#?? Cipher 3des
#?? Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#?? EscapeChar ~
#?? Tunnel no
#?? TunnelDevice any:any
#?? PermitLocalCommand no
Host *
?GSSAPIAuthentication yes
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
?ForwardX11Trusted yes
# Send locale-related environment variables
?SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
?SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
?SendEnv LC_IDENTIFICATION LC_ALL
轉載于:https://blog.51cto.com/clusters/123704
總結
- 上一篇: request获取数据3种方法
- 下一篇: BIOS中英文对照