sshd_config优化
linux系统调优,参考百度搜索  linux ssh命令
  /etc/init.d/sshd restart    重启ssh
  193  ls
  194  vim /etc/ssh/sshd_config  编辑ssh配置
GSSAPIAuthentication no   X11Forwarding no    UseDNS no
  195  ls
  196  /etc/init.d/sshd restart    
        yum install openssh-clients    安装SSH
  207  ls
  208  /etc/init.d/sshd restart    
  209  ssh -vv root@172.168.2.196    模拟linux重启 
 
 
 

# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
#SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication no
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
UseDNS no
#CheckHostIP no

#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

sshd_config优化的更多相关文章

  1. centos7的变化(转)

    centos7的变化 找了一个下午都不知道为什么找不到一些命令,终于在一个地方看到了. 地址:http://www.sa-log.com/276.html 王, 帅 2015年09月24日 于 运维日 ...

  2. Linux中Sshd服务配置文件优化版本(/etc/ssh/sshd_config)

    Linux中Sshd服务配置文件优化版本(/etc/ssh/sshd_config) # $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Ex ...

  3. CentOS(5.8/6.7)linux生产环境若干优化实战

    CentOS系统安装之后并不能立即投入生产环境使用,往往需要先经过我们运维人员的优化才行.在此讲解几点关于Linux系统安装后的基础优化操作.注意:本次优化都是基于CentOS(5.8/6.7). 下 ...

  4. CentOS 6.5 安全加固及性能优化 (转)

    通过修改CentOS 6.5 的系统默认设置,对系统进行安全加固,进行系统的性能优化. 环境: 系统硬件:vmware vsphere (CPU:2*4核,内存2G) 系统版本:Centos-6.5- ...

  5. 生产服务器环境最小化安装后 Centos 6.5优化配置[转]

    内容目录 centos6.5最小化安装后配置网络: IP地址, 网关, 主机名, DNS 更新系统源并且升级系统 系统时间更新和设定定时任 创建普通用户并进行sudo授权管理 修改SSH端口号和屏蔽r ...

  6. SSH公钥认证+优化

    一 ssh公钥认证流程: sshclinet机器:产生公私钥(公钥相当于一把锁) sshclient:将公钥发给sshserver(抛出锁子) sshclinet去连sshserver不需要密钥   ...

  7. linux 优化&安全运维&黑客攻防

    优化: 可删除用户:adm,lp,sync,shutdown,halt,news,uucp,operator,games,gopher.   :userdel games 可删除组:adm,lp,ne ...

  8. CentOS 5.8/6.7若干优化

    CentOS系统安装之后并不能立即投入生产环境使用,往往需要先经过我们运维人员的优化才行.在此讲解几点关于Linux系统安装后的基础优化操作.注意:本次优化都是基于CentOS(5.8/6.7). 下 ...

  9. Linux的服务器初始优化脚本。

    #!/bin/bash #优化服务器启动的脚本.禁用无关账号.无关服务 #Lock User Account passwd -l xfs passwd -l news passwd -l nscd p ...

随机推荐

  1. 【Oracle学习笔记-2】Oracle基础术语解析

    来自为知笔记(Wiz) 附件列表 Oracle概念解析.png 表空间.png 大小关系.png 段segment.png 块block.png 区entent.png 数据库基本概念.png

  2. Windows下永久解决数据库乱码 utf8 转 gbk

    产生乱码原因 因为windows终端的默认字符集是gbk编码,而mysql数据库是utf8的编码,所以会产生乱码问题 解决乱码问题(临时修改) 询当前数据库默认编码: mysql> show v ...

  3. VMware新建虚拟机

    VMware作为一个非常便捷的虚拟机软件,学会简单的使用方法,对试验非常有帮助. 1. 打开VM,选择“创建新的虚拟机” 2. 选择典型: 3. 选择稍后选择安装源: 4. 选择Linux,并选择Li ...

  4. 1058 A+B in Hogwarts (20 分)

    1058 A+B in Hogwarts (20 分) If you are a fan of Harry Potter, you would know the world of magic has ...

  5. Python单例模式的4种实现方法

    #-*- encoding=utf-8 -*- print '----------------------方法1--------------------------' #方法1,实现__new__方法 ...

  6. javascript事件处理程序的3个阶段

    第一阶段:HTML事件处理阶段.就是在元素里面添加onclick之类的属性来调用某个函数. <input type="button" value="单击" ...

  7. Spring MVC springMVC-servlet.xml

    DispatcherServlet的配置: DispatcherServlet是SpringMVC的前端控制器,所有的请求都经过前端控制器,也是项目中出现的唯一一个servlet,在 web.xml中 ...

  8. 报错:ORA-02264

    创建表时报错ORA-02264:名称已被一个现有约束条件占用 查询约束名称“PK_DATASOUCE”,然后删除. SELECT a.* FROM user_constraints a where c ...

  9. 5. jdk路径配置

    path , classpath 的配置及作用? 1) PATH环境变量.作用是指定命令搜索路径,在i命令行下面执行命令如javac编译java程序时,它会到PATH变量所指定的路径中查找看是否能找到 ...

  10. ajax 遍历json一维数组

    $.each(data,function(index,value){}data必须是Object类型index是数组的下标value可以是一个对象 function myonclick() { var ...