运维咖啡吧

追求技术的道路上,我从不曾停下脚步

生产环境下的SSH标准配置

SSH配置直接影响到服务器的安全性,这里列出生产使用的SSH配置以供参考,配置文件路径为/etc/ssh/sshd_config

# 1. Basic
Port 9527
Protocol 2
AddressFamily inet

# 2. Authentication
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
AuthorizedKeysFile .ssh/authorized_keys

KeyRegenerationInterval 3600
ServerKeyBits 1024
UsePrivilegeSeparation yes
LoginGraceTime 120

PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no

IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no


# 3. Features
UseDNS no
UsePAM no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*


# 4. Logging
SyslogFacility AUTH
LogLevel INFO


# 5. x509
Subsystem sftp /usr/lib/sftp-server