etc/sshd_config > 우툰투 자료실 정성규 낙엽타는향기 홈페이지

본문 바로가기

우툰투 자료실

우툰투 자료실 HOME


etc/sshd_config

페이지 정보

작성자 정성규 댓글 0건 조회 912회 작성일 21-10-25 23:20

본문

# Package generated configuration file

# See the sshd_config(5) manpage for details


# What ports, IPs and protocols we listen for

Port 22

# Use these options to restrict which interfaces/protocols sshd will bind to

#ListenAddress ::

#ListenAddress 0.0.0.0

Protocol 2

# HostKeys for protocol version 2

HostKey /etc/ssh/ssh_host_rsa_key

HostKey /etc/ssh/ssh_host_dsa_key

HostKey /etc/ssh/ssh_host_ecdsa_key

#Privilege Separation is turned on for security

UsePrivilegeSeparation yes


# Lifetime and size of ephemeral version 1 server key

KeyRegenerationInterval 3600

ServerKeyBits 768


# Logging

SyslogFacility AUTH

LogLevel INFO


# Authentication:

LoginGraceTime 120

PermitRootLogin yes

StrictModes yes


RSAAuthentication yes

PubkeyAuthentication yes

#AuthorizedKeysFile%h/.ssh/authorized_keys


# Don't read the user's ~/.rhosts and ~/.shosts files

IgnoreRhosts yes

# For this to work you will also need host keys in /etc/ssh_known_hosts

RhostsRSAAuthentication no

# similar for protocol version 2

HostbasedAuthentication no

# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication

#IgnoreUserKnownHosts yes


# To enable empty passwords, change to yes (NOT RECOMMENDED)

PermitEmptyPasswords no


# Change to yes to enable challenge-response passwords (beware issues with

# some PAM modules and threads)

ChallengeResponseAuthentication no


# Change to no to disable tunnelled clear text passwords

#PasswordAuthentication yes


# Kerberos options

#KerberosAuthentication no

#KerberosGetAFSToken no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes


# GSSAPI options

#GSSAPIAuthentication no

#GSSAPICleanupCredentials yes


X11Forwarding yes

X11DisplayOffset 10

PrintMotd no

PrintLastLog yes

TCPKeepAlive yes

#UseLogin no


#MaxStartups 10:30:60

#Banner /etc/issue.net


# Allow client to pass locale environment variables

AcceptEnv LANG LC_*


Subsystem sftp /usr/lib/openssh/sftp-server


# Set this to 'yes' to enable PAM authentication, account processing,

# and session processing. If this is enabled, PAM authentication will

# be allowed through the ChallengeResponseAuthentication and

# PasswordAuthentication.  Depending on your PAM configuration,

# PAM authentication via ChallengeResponseAuthentication may bypass

# the setting of "PermitRootLogin without-password".

# If you just want the PAM account and session checks to run without

# PAM authentication, then enable this but set PasswordAuthentication

# and ChallengeResponseAuthentication to 'no'.

UsePAM yes



댓글목록

등록된 댓글이 없습니다.

Total 66 / 1 page

우툰투 자료실 목록

게시물 검색