Parameter explanation of /etc/ssh/sshd_config and solution to slow ssh login (reposted)

# 1. Overall settings of the SSH Server, including the port used and the cipher algorithms used
Port 22 # SSH uses port 22 by default; you can also listen on more ports!
              # That is, the Port setting item can be given repeatedly!
Protocol 2,1 # The SSH protocol version to offer; it can be 1 or 2.
              # If you want to support both, you must write them as 2,1 separated by a comma!
#ListenAddress 0.0.0.0 # The interface to listen on! For example, if you have two IPs,
              # 192.168.0.100 and 192.168.2.20, and you only want to
              # open SSH on 192.168.0.100, you can write it like this:
ListenAddress 192.168.0.100 # only listen for SSH connections on 192.168.0.100.
                   # If this is not set, all interfaces accept SSH by default
PidFile /var/run/sshd.pid # Where SSHD's PID file is put! The value on the left is the default
LoginGraceTime 600 # When a user connects to the SSH server, the password prompt appears.
              # If the login has not completed within this many seconds at that prompt,
              # the connection is dropped! Time in seconds!
Compression yes # Can compression be used? Of course it can?!
 
# 2. The files holding the host's Private Keys. The defaults are the files below!
HostKey /etc/ssh/ssh_host_key # Private key used by SSH version 1
HostKey /etc/ssh/ssh_host_rsa_key # RSA private key used by SSH version 2
HostKey /etc/ssh/ssh_host_dsa_key # DSA private key used by SSH version 2

# 2.1 Some settings for version 1!
KeyRegenerationInterval 3600 # From the earlier description we know that version 1 uses the
                   # server's Public Key, so if that Public Key is stolen, isn't it
                   # all over? So it needs to be regenerated every so often!
                   # The time here is in seconds!
ServerKeyBits 768 # That's right! This is the length of the Server key!
# 3. Where the log messages go and which facility name the daemon logs under!
SyslogFacility AUTH # When someone logs in to the system via SSH, SSH records it;
                   # under which facility name should that record be made?
                   # The default is AUTH, which ends up in /var/log/secure!
                   # What? Forgotten? Go back to the Linux basics and look it up!
                   # Other available facility names are: DAEMON, USER, AUTH,
                   # LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5,
LogLevel INFO # The verbosity of the login log! Hey-hey! Any message!
                   # Likewise, if you forget it, go back and look it up!
# 4. Security setting items! Very important!
# 4.1 Login setting part
PermitRootLogin no # Whether root may log in! The default is allowed, but setting it to no is recommended!
UseLogin no # Under SSH, the login program is not used to handle logins!
StrictModes yes # When the user's host key has changed, the Server does not accept the connection;
              # it can resist some Trojan horse programs!
#RSAAuthentication yes # Whether to use pure RSA authentication!? For version 1 only!
PubkeyAuthentication yes # Is Public Key authentication allowed? Of course it is! Version 2 only
AuthorizedKeysFile .ssh/authorized_keys
              # When the item above is enabled, this is the file in which the keys of an
              # account that logs in without a password are stored!
# 4.2 Authentication part
RhostsAuthentication no # The local system should not rely on .rhosts alone, because using only .rhosts is too
              # insecure, so it must be set to no here!
IgnoreRhosts yes # Whether to cancel the use of ~/.ssh/.rhosts for authentication! Of course!
RhostsRSAAuthentication no # This option is specifically for version 1. It uses the rhosts file or
              # /etc/hosts.equiv together with the RSA algorithm for authentication! Don't use it!
HostbasedAuthentication no # This item is similar to the one above, but for version 2!
IgnoreUserKnownHosts no # Whether to ignore the host entries recorded in the user's ~/.ssh/known_hosts
              # file? Of course don't ignore them, so this is no!
PasswordAuthentication yes # Password authentication is of course needed! So write yes here?!
PermitEmptyPasswords no # If the item above is set to yes, this item is best set
              # to no; it allows logging in with an empty password! Of course not!
ChallengeResponseAuthentication yes # Challenge-response for any password authentication! Therefore any authentication method specified in login.conf
                   # can be applied!
#PAMAuthenticationViaKbdInt yes # Enable other PAM modules! Enabling this module makes
                   # the PasswordAuthentication setting ineffective!
 
# 4.3 Kerberos-related settings! Since we don't have a Kerberos host, nothing below needs configuring!
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosTgtPassing no
 
# 4.4 Below are the settings for use under X-Window!
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
# 4.5 Items after login:
PrintMotd no # Display a message after login? For example the time and place of the last login,
             # etc. The default is yes, but if you want to be safe you can consider changing it to no!
PrintLastLog yes # Display the information of the last login! Sure! The default is also yes!
KeepAlive yes # Generally speaking, if this is set, the SSH Server sends KeepAlive
             # messages to the client to make sure the connection between the two is alive!
             # That way SSH knows immediately when either end dies, and there will be no
             # zombie connections!
UsePrivilegeSeparation yes # User privilege separation setting! Just set it to yes!
MaxStartups 10 # How many not-yet-logged-in connections are allowed at the same time? When we connect to SSH
             # but have not yet entered the password, that is what we call a pending connection!
             # To protect the host, a maximum must be set for these pending connections.
             # By default there are at most ten; connections already established are not counted among them.
# 4.6 Settings for blocking users:
DenyUsers * # Set the names of users to block; * means all users are
             # blocked! To block some users, fill in their account names! For example:
DenyUsers test
DenyGroups test # Same as DenyUsers! Just block a few groups!
# 5. Settings for the SFTP service!
Subsystem sftp /usr/lib/ssh/sftp-server
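The listing above explains the keywords but is not a loadable file: sshd does not accept a trailing "# ..." on a config line (it fails with "garbage at end of line"), and when a keyword appears twice sshd honours the first occurrence. The script below is an added example, not code from the original post, that audits a sshd_config against the section 4 security items (PermitRootLogin, PermitEmptyPasswords, PubkeyAuthentication, IgnoreRhosts, HostbasedAuthentication, plus Protocol) and flags lines sshd would refuse. It assumes the "Keyword value" or "Keyword=value" line form and does not handle Match blocks; the sample config it reads is constructed and deliberately misconfigured.

```shell
#!/bin/sh
# Added example, not code from the original post: audit a sshd_config file
# against the section 4 security items. Assumptions: lines are "Keyword value"
# or "Keyword=value"; sshd honours the FIRST occurrence of a keyword; sshd
# rejects a trailing "# ..." on a config line ("garbage at end of line").

# Constructed, deliberately misconfigured sample used as input.
make_sample_config() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
# constructed sample sshd_config
Port 22
Protocol 2,1
PermitRootLogin yes
PermitRootLogin no
#PermitEmptyPasswords no
PermitEmptyPasswords=yes
IgnoreRhosts yes
HostbasedAuthentication no
Subsystem sftp /usr/lib/ssh/sftp-server # sshd rejects this trailing comment
EOF
  printf '%s\n' "$f"
}

# sshd_get FILE KEYWORD: effective value of KEYWORD (first non-comment match,
# case-insensitive keyword, "=" treated as a separator like sshd does), or
# nothing when the keyword is unset.
sshd_get() {
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    {
      line = $0; sub(/=/, " ", line); n = split(line, w)
      if (n >= 2 && tolower(w[1]) == key) {
        v = w[2]; for (i = 3; i <= n; i++) v = v " " w[i]
        print v; exit
      }
    }' "$1"
}

# find_inline_comments FILE: config lines that carry a "#" after the keyword.
find_inline_comments() {
  awk '/^[[:space:]]*#/ || /^[[:space:]]*$/ { next } /#/ { print NR ": " $0 }' "$1"
}

# check FILE KEYWORD EXPECTED DEFAULT: compare the effective value (or the
# assumed sshd default when the keyword is unset) with the recommended value.
check() {
  v=$(sshd_get "$1" "$2")
  [ -n "$v" ] || v=$4
  if [ "$(printf '%s' "$v" | tr 'A-Z' 'a-z')" = "$3" ]; then
    printf 'ok:   %s %s\n' "$2" "$v"
  else
    printf 'FAIL: %s is "%s", expected "%s"\n' "$2" "$v" "$3"
  fi
}

# audit_sshd_config FILE: one ok/FAIL line per item, plus any lines sshd
# would refuse to load.
audit_sshd_config() {
  check "$1" Protocol                2   2    # version 1 is obsolete; assumed default 2
  check "$1" PermitRootLogin         no  yes  # section 4.1: default allows root
  check "$1" PermitEmptyPasswords    no  no   # section 4.2
  check "$1" PubkeyAuthentication    yes yes  # section 4.1
  check "$1" IgnoreRhosts            yes yes  # section 4.2
  check "$1" HostbasedAuthentication no  no   # section 4.2
  find_inline_comments "$1" | sed 's/^/FAIL: garbage at end of line /'
}

# Stand-alone run against the constructed sample.
cfg=$(make_sample_config)
audit_sshd_config "$cfg"
rm -f "$cfg"
```

Run it against a real file with `audit_sshd_config /etc/ssh/sshd_config` after sourcing the script; the first-occurrence rule is why the sample's second `PermitRootLogin no` does not rescue the earlier `yes`.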
If the login is slow, you can find the cause with ssh -v target-server-IP-address.
Generally it is caused by GSSAPI. It can be worked around with ssh -o GSSAPIAuthentication=no target-server-IP-address. Setting GSSAPIAuthentication no in /etc/ssh/sshd_config may or may not be useful.
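To see the GSSAPI delay in the ssh -v output rather than guess at it, the script below (an added example, not from the original post) summarises which authentication methods the server offered, which the client tried in order, and which one succeeded; when a gssapi method was tried first and another method succeeded, that is the slow-login pattern the text describes. It assumes the debug1 line formats printed by the OpenSSH client ("Authentications that can continue:", "Next authentication method:", "Authentication succeeded (...)"), and the sample log it parses is constructed, not a real capture.

```shell
#!/bin/sh
# Added example, not code from the original post: summarise "ssh -v" output.
# Assumes OpenSSH client debug1 line formats; run on real output with
#   ssh -v user@host 2>&1 | tee ssh-debug.log; summarize_ssh_auth ssh-debug.log

# Constructed sample of the relevant debug1 lines (not a real capture).
make_sample_log() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Next authentication method: publickey
debug1: Offering public key: /home/alice/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED
debug1: Server accepts key: /home/alice/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED
debug1: Authentication succeeded (publickey).
EOF
  printf '%s\n' "$f"
}

# offered_methods FILE: the method list the server announced (first occurrence).
offered_methods() {
  sed -n 's/^debug1: Authentications that can continue: //p' "$1" | head -n 1
}

# tried_methods FILE: methods the client actually attempted, in order, one per line.
tried_methods() {
  sed -n 's/^debug1: Next authentication method: //p' "$1"
}

# succeeded_method FILE: the method that finally succeeded, or empty if none did.
succeeded_method() {
  sed -n 's/^debug1: Authentication succeeded (\([^)]*\)).*/\1/p' "$1"
}

# slow_login_verdict FILE: "gssapi-first" when a gssapi method was attempted
# first and a different method succeeded (time was spent on GSSAPI for nothing),
# otherwise "ok".
slow_login_verdict() {
  first=$(tried_methods "$1" | head -n 1)
  final=$(succeeded_method "$1")
  case $first in
    gssapi*) if [ "$first" != "$final" ]; then echo gssapi-first; return 0; fi ;;
  esac
  echo ok
}

# summarize_ssh_auth FILE: human-readable summary of the four items above.
summarize_ssh_auth() {
  printf 'offered:   %s\n' "$(offered_methods "$1")"
  printf 'tried:     %s\n' "$(tried_methods "$1" | tr '\n' ' ')"
  printf 'succeeded: %s\n' "$(succeeded_method "$1")"
  printf 'verdict:   %s\n' "$(slow_login_verdict "$1")"
}

# Stand-alone run against the constructed sample.
log=$(make_sample_log)
summarize_ssh_auth "$log"
rm -f "$log"
```

A "gssapi-first" verdict is the case where the client-side -o GSSAPIAuthentication=no (or a GSSAPIAuthentication no line in ~/.ssh/config) removes the delay; the server-side setting only changes what is offered, which is why the text says it may or may not help.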
