  • OpenSSH

    命令:netstat -tnl   查看当前主机正在监听的TCP端口

    #选项
    -n或--numeric 直接使用IP地址,而不通过域名服务器
    -t或--tcp 显示TCP传输协议的连线状况
    -u或--udp 显示UDP传输协议的连线状况
    -l或--listening 显示处于监听状态的服务器Socket
    -p或--programs 显示正在使用Socket的程序识别码(PID)和程序名称

    Telnet协议

    • TCP/23
    • 明文传输(用户名和口令同样以明文经过网络)
    • 远程登录协议

    什么是SSH

    • Secure Shell 的缩写
    • 加密传输
    • TCP/22

    什么是OpenSSH

    OpenSSH是SSH(Secure Shell)协议族的一个免费开源实现


    配置文件

      服务端  /etc/ssh/sshd_config

      客户端  /etc/ssh/ssh_config

      服务器配置文件   

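    # Package generated configuration file
    # See the sshd_config(5) manpage for details
    #
    # NOTE(review): explanatory notes are kept on their own '#' lines. Free text
    # placed after a directive's value is not a comment; sshd is expected to
    # treat it as extra arguments and refuse to load the file.

    # What ports, IPs and protocols we listen for
    # Listening port.
    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    # Protocol version; only v2 is supported now.
    Protocol 2
    # HostKeys for protocol version 2 (the server's private host keys)
    HostKey /etc/ssh/ssh_host_rsa_key
    # NOTE(review): OpenSSH DSA keys are fixed at 1024 bits and current releases
    # no longer accept ssh-dss by default; consider dropping this host key.
    HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    #Privilege Separation is turned on for security
    # NOTE(review): newer OpenSSH releases always use privilege separation and
    # treat this option as deprecated.
    UsePrivilegeSeparation yes

    # Lifetime and size of ephemeral version 1 server key
    # NOTE(review): both options apply to SSH protocol 1 only, so with
    # "Protocol 2" above they have no effect.
    # Seconds after which the ephemeral server key is regenerated.
    KeyRegenerationInterval 3600
    # Size of the ephemeral server key, in bits.
    ServerKeyBits 1024

    # Logging
    SyslogFacility AUTH
    # Log level.
    LogLevel INFO

    # Authentication:
    # Login grace period: seconds a connection may stay unauthenticated before
    # the server disconnects it.
    LoginGraceTime 120
    #PermitRootLogin prohibit-password
    # Whether the administrator (root) may log in directly.
    # NOTE(review): "yes" also permits root password logins, because
    # PasswordAuthentication below is left at its default of yes. The packaged
    # default shown commented out above is prohibit-password; prefer that, or
    # "no" together with a sudo-capable account, on any host reachable from
    # untrusted networks.
    PermitRootLogin yes
    # Strict mode: sshd checks ownership and permissions of the user's home
    # directory and key files before accepting a login.
    StrictModes yes

    # Whether RSA authentication is supported (SSH protocol 1 only).
    RSAAuthentication yes
    # Public-key (key-based) login.
    PubkeyAuthentication yes
    # Where each user's authorized public keys are stored.
    #AuthorizedKeysFile     %h/.ssh/authorized_keys

    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    # Host-based authentication.
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes

    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no

    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no

    # Change to no to disable tunnelled clear text passwords
    # Whether password authentication is enabled.
    # NOTE(review): once key-based login has been verified, setting this to
    # "no" removes the password-guessing surface.
    #PasswordAuthentication yes

    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes

    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes

    # NOTE(review): set X11Forwarding to "no" on servers where no user needs
    # forwarded X11 sessions.
    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    # Whether to show the previous login's details at login.
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no

    #MaxStartups 10:30:60
    #Banner /etc/issue.net

    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*

    Subsystem sftp /usr/lib/openssh/sftp-server

    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication.  Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM yes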
  • 原文地址:https://www.cnblogs.com/xiaoliwang/p/9031487.html