Detailed explanation of the SSH server configuration file /etc/ssh/sshd_config
The default requires explicit activation of protocol 1
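HostKey for protocol version 1: version 1 of SSH supports the following single key type
HostKeys for protocol version 2: version 2 is used to send keys, and the following four key file locations are supported for key authentication (CentOS 6 supports only two of them, rsa and dsa)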
Lifetime and size of ephemeral version 1 server key
Ciphers and keying
Logging
obsoletes QuietMode and FascistLogging
Authentication:
The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
but this is overridden so installations will only check .ssh/authorized_keys
For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
similar for protocol version 2
Change to yes if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication and HostbasedAuthentication
Don't read the user's ~/.rhosts and ~/.shosts files
To disable tunneled clear text passwords, change to no here!
Change to no to disable s/key passwords
Kerberos options: whether Kerberos authentication (authentication based on a third party, such as LDAP) is supported; the default is no
GSSAPI options
Set this to 'yes' to enable PAM authentication, account processing,
and session processing. If this is enabled, PAM authentication will
be allowed through the ChallengeResponseAuthentication and
PasswordAuthentication. Depending on your PAM configuration,
PAM authentication via ChallengeResponseAuthentication may bypass
the setting of "PermitRootLogin without-password".
If you just want the PAM account and session checks to run without
PAM authentication, then enable this but set PasswordAuthentication
and ChallengeResponseAuthentication to 'no'.
WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
problems.
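
The PAM interaction described in the comments above can be checked mechanically. The following Python is an added example, not part of the original article or of OpenSSH; the sample configuration and the function names `global_settings` and `pam_findings` are constructed for illustration, and it inspects only the global section (settings before the first Match line).

```python
import re

# Constructed sample (not from the page): the combination the PAM comment warns about.
SAMPLE = """\
PermitRootLogin without-password
UsePAM yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
challengeresponseauthentication no
Match User anoncvs
    X11Forwarding no
"""

def global_settings(text):
    """Map lower-cased keyword -> value for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":
            break                           # per-user overrides are out of scope here
        # sshd keeps the first value it obtains for a keyword, so later repeats lose.
        settings.setdefault(key, parts[1] if len(parts) > 1 else "")
    return settings

def pam_findings(text):
    """Return (keyword, reason) pairs for the PAM interactions the comment describes."""
    s = global_settings(text)
    # Assumption: an unset UsePAM is treated as off; confirm with `sshd -T`.
    if s.get("usepam", "").lower() != "yes":
        return []
    findings = []
    for key in ("passwordauthentication", "challengeresponseauthentication"):
        value = s.get(key)
        if value is None:
            findings.append((key, "unset: check the effective value with sshd -T"))
        elif value.lower() != "no":
            findings.append((key, "PAM authentication is reachable through this method"))
    root = s.get("permitrootlogin", "").lower()
    cra = s.get("challengeresponseauthentication", "").lower()
    # prohibit-password is the newer spelling of without-password.
    if root in ("without-password", "prohibit-password") and cra != "no":
        findings.append(("permitrootlogin", "PAM via ChallengeResponseAuthentication may bypass it"))
    return findings

if __name__ == "__main__":
    for keyword, reason in pam_findings(SAMPLE):
        print(f"{keyword}: {reason}")
```

On the sample, the repeated lower-case `challengeresponseauthentication no` has no effect because the earlier `yes` is the value sshd keeps, so both the method and the `PermitRootLogin without-password` setting are reported.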
no default banner path
Accept locale-related environment variables
override default of no subsystems
Example of overriding settings on a per-user basis
X11Forwarding no
AllowTcpForwarding no
PermitTTY no
ForceCommand cvs server
Article source: http://blog.51cto.com/gotoo/2118979