sshd_config优化
linux系统调优,参考百度搜索  linux ssh命令
  /etc/init.d/sshd restart    重启ssh
  193  ls
  194  vim /etc/ssh/sshd_config  编辑ssh配置
GSSAPIAuthentication no   X11Forwarding no    UseDNS no
  195  ls
  196  /etc/init.d/sshd restart    
        yum install openssh-clients    安装SSH
  207  ls
  208  /etc/init.d/sshd restart    
  209  ssh -vv root@172.168.2.196    模拟linux重启 
 
 
 

# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
#SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication no
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
UseDNS no
#CheckHostIP no

#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

sshd_config优化的更多相关文章

  1. centos7的变化(转)

    centos7的变化 找了一个下午都不知道为什么找不到一些命令,终于在一个地方看到了. 地址:http://www.sa-log.com/276.html 王, 帅 2015年09月24日 于 运维日 ...

  2. Linux中Sshd服务配置文件优化版本(/etc/ssh/sshd_config)

    Linux中Sshd服务配置文件优化版本(/etc/ssh/sshd_config) # $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Ex ...

  3. CentOS(5.8/6.7)linux生产环境若干优化实战

    CentOS系统安装之后并不能立即投入生产环境使用,往往需要先经过我们运维人员的优化才行.在此讲解几点关于Linux系统安装后的基础优化操作.注意:本次优化都是基于CentOS(5.8/6.7). 下 ...

  4. CentOS 6.5 安全加固及性能优化 (转)

    通过修改CentOS 6.5 的系统默认设置,对系统进行安全加固,进行系统的性能优化. 环境: 系统硬件:vmware vsphere (CPU:2*4核,内存2G) 系统版本:Centos-6.5- ...

  5. 生产服务器环境最小化安装后 Centos 6.5优化配置[转]

    内容目录 centos6.5最小化安装后配置网络: IP地址, 网关, 主机名, DNS 更新系统源并且升级系统 系统时间更新和设定定时任 创建普通用户并进行sudo授权管理 修改SSH端口号和屏蔽r ...

  6. SSH公钥认证+优化

    一 ssh公钥认证流程: sshclinet机器:产生公私钥(公钥相当于一把锁) sshclient:将公钥发给sshserver(抛出锁子) sshclinet去连sshserver不需要密钥   ...

  7. linux 优化&安全运维&黑客攻防

    优化: 可删除用户:adm,lp,sync,shutdown,halt,news,uucp,operator,games,gopher.   :userdel games 可删除组:adm,lp,ne ...

  8. CentOS 5.8/6.7若干优化

    CentOS系统安装之后并不能立即投入生产环境使用,往往需要先经过我们运维人员的优化才行.在此讲解几点关于Linux系统安装后的基础优化操作.注意:本次优化都是基于CentOS(5.8/6.7). 下 ...

  9. Linux的服务器初始优化脚本。

    #!/bin/bash #优化服务器启动的脚本.禁用无关账号.无关服务 #Lock User Account passwd -l xfs passwd -l news passwd -l nscd p ...

随机推荐

  1. 1108 Finding Average (20 分)

    1108 Finding Average (20 分) The basic task is simple: given N real numbers, you are supposed to calc ...

  2. Vcenter5.5+vmwarePowercli6.5+powershell5批量创建虚拟机

    另存为xxx.ps1 ##########################通过模版批量部署虚拟机以下内容需要人工定义变量####################### #Vcenter的IP $vce ...

  3. zabbix企业应用:通过SNMP和iDRAC监控DELL服务器硬件

    原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 .作者信息和本声明.否则将追究法律责任.http://qicheng0211.blog.51cto.com/3958621/174998 ...

  4. 第10课 struct 和 union 分析

    1. struct的小秘密 (1)C语言中的struct可以看作变量的集合 (2)struct的问题——空结构体占用多的内存? [实例分析]空结构体的大小 #include <stdio.h&g ...

  5. Unity的JIT和AOT实现

    https://myhloli.com/about-il2cpp.html JIT方式: Unity的跨平台技术是通过一个Mono虚拟机实现的.而这个虚拟机更新太慢,不能很好地适应众多的平台. And ...

  6. Python3 os模块应用

    调用模块的实质是运行python代码,比如a.py文件里有函数f(),那么你在调用a模块的时候,实质是运行了a模块里的函数f(),这个时候内存里就有这个函数了,可以直接用,那是不是随便一个py类型的文 ...

  7. 2018-2019-2 《网络对抗技术》Exp3 免杀原理与实践 Week5 20165233

    Exp3 免杀原理与实践 实验内容 一.基础问题回答 1.杀软是如何检测出恶意代码的? 基于特征码的检测:通过与自己软件中病毒的特征库比对来检测的. 启发式的软件检测:就是根据些片面特征去推断.通常是 ...

  8. 用多个class选择元素

    注意下面两个的区别:  $(".role-developer.role-designer").css("color","red");  $( ...

  9. rabbitMQ 的基本知识

    参考:  https://www.cnblogs.com/dwlsxj/p/RabbitMQ.html

  10. HTML5 Canvas ( 图形变换, 升级版的星空 ) translate, rotate, scale

    <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title> ...