Shulou(Shulou.com)06/01 Report--

Editor to share with you how to configure suse10 / etc/ssh/sshd_config file, I believe most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

"/ etc/ssh/sshd_config" is the configuration file for OpenSSH that allows setting options to change the operation of the daemon. Each line of this file contains a "keyword-value" match, where the "keyword" ignores case. Listed below are the most important keywords, and a detailed list can be obtained by viewing the help page (sshd (8)) with the man command.

Edit the "sshd_config" file (vi / etc/ssh/sshd_config) to add or change the following parameters:

# This is ssh server systemwide configuration file.

Port 22

ListenAddress 192.168.1.1

HostKey / etc/ssh/ssh_host_key

ServerKeyBits 1024

LoginGraceTime 600

KeyRegenerationInterval 3600

PermitRootLogin no

IgnoreRhosts yes

IgnoreUserKnownHosts yes

StrictModes yes

X11Forwarding no

PrintMotd yes

SyslogFacility AUTH

LogLevel INFO

RhostsAuthentication no

RhostsRSAAuthentication no

RSAAuthentication yes

PasswordAuthentication yes

PermitEmptyPasswords no

AllowUsers admin

The above option settings are explained line by line below:

Port 22

"Port" sets the port number for sshd listeners.

ListenAddress 192.168.1.1

"ListenAddress" sets the IP address that the sshd server binds.

HostKey / etc/ssh/ssh_host_key

The "HostKey" setting contains the file for the computer's private key.

ServerKeyBits 1024

"ServerKeyBits" defines the number of digits of the server key.

LoginGraceTime 600

"LoginGraceTime" sets the amount of time (in seconds) that the server needs to wait before disconnecting if the user is unable to log in successfully.

KeyRegenerationInterval 3600

"KeyRegenerationInterval" sets the number of seconds after which the server's key is automatically regenerated (if the key is used). The purpose of regenerating the key is to prevent the stolen key from being used to decrypt the intercepted information.

PermitRootLogin no

"PermitRootLogin" sets whether root can log in with ssh. This option must not be set to "yes".

IgnoreRhosts yes

The "IgnoreRhosts" setting verifies whether the "rhosts" and "shosts" files are used.

IgnoreUserKnownHosts yes

"IgnoreUserKnownHosts" sets whether ssh daemon ignores the user's "$HOME/.ssh/known_hosts" when performing RhostsRSAAuthentication security authentication

StrictModes yes

"StrictModes" sets whether ssh checks the permissions and ownership of the user's home directory and rhosts files before receiving login requests. This is usually necessary because beginners often set their directories and files so that anyone has write access.

X11Forwarding no

The "X11Forwarding" setting allows X11 forwarding.

PrintMotd yes

"PrintMotd" sets whether sshd displays the information in "/ etc/motd" when the user logs in.

SyslogFacility AUTH

"SyslogFacility" sets whether to give "facility code" when logging messages from sshd.

LogLevel INFO

LogLevel sets the level at which sshd log messages are logged. INFO is a good choice. Check out sshd's man help page for more information.

RhostsAuthentication no

The "RhostsAuthentication" setting only uses rhosts or "/ etc/hosts.equiv" for security verification is sufficient.

RhostsRSAAuthentication no

The "RhostsRSA" setting allows security authentication with rhosts or "/ etc/hosts.equiv" plus RSA.

RSAAuthentication yes

Whether the "RSAAuthentication" setting allows only RSA security authentication.

PasswordAuthentication yes

Whether the "PasswordAuthentication" setting allows password authentication.

PermitEmptyPasswords no

The "PermitEmptyPasswords" setting allows login with an account with an empty password.

AllowUsers admin

"AllowUsers" can be followed by any number of patterns of user names or matching strings such as user@host, separated by spaces. The hostname can be a DNS name or an IP address.

The above is all the content of the article "how to configure suse10 / etc/ssh/sshd_config file". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.