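Ops Coffee Bar (运维咖啡吧)

Enjoy the fun that technology brings, and experience the moments that life gives

Standard SSH Configuration for Production Environments

The SSH configuration directly affects a server's security. The SSH configuration used in production is listed here for reference. The configuration file path is /etc/ssh/sshd_config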

# 1. Basic
Port 9527
Protocol 2
AddressFamily inet

# 2. Authentication
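HostKey /etc/ssh/ssh_host_rsa_key
# DSA (ssh-dss) host keys are disabled by default since OpenSSH 7.0.
HostKey /etc/ssh/ssh_host_dsa_key
AuthorizedKeysFile .ssh/authorized_keys

# KeyRegenerationInterval and ServerKeyBits apply to SSH protocol 1 only.
KeyRegenerationInterval 3600
ServerKeyBits 1024
UsePrivilegeSeparation yes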
LoginGraceTime 120

PermitRootLogin no
StrictModes yes

# RSAAuthentication applies to SSH protocol 1 only.
RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no

IgnoreRhosts yes
# RhostsRSAAuthentication applies to SSH protocol 1 only.
RhostsRSAAuthentication no
HostbasedAuthentication no


# 3. Features
UseDNS no
UsePAM no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*


# 4. Logging
SyslogFacility AUTH
LogLevel INFO


# 5. x509
Subsystem sftp /usr/lib/sftp-server
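
The following audit script is an added example, not part of the original post: it parses an sshd_config the way sshd reads the global section (first value wins, repeatable keywords accumulate) and flags SSHv1-era directives, DSA host keys and X11 forwarding. The rule texts and the upstream defaults it assumes are the editor's summary of OpenSSH behaviour; the sample is an excerpt of the configuration above.

```python
# Added example (not from the original post): flag legacy or weak sshd_config lines.
LEGACY = {k: "SSHv1 only; no effect now that protocol 1 is removed" for k in (
    "keyregenerationinterval", "serverkeybits", "rsaauthentication",
    "rhostsrsaauthentication")}
LEGACY["protocol"] = "no longer has any effect; only protocol 2 remains"
LEGACY["useprivilegeseparation"] = "deprecated; privilege separation is always on"
REQUIRED = {"permitrootlogin": ("no", "prohibit-password"),  # (page's value,
            "passwordauthentication": ("no", "yes"),         #  assumed upstream default)
            "permitemptypasswords": ("no", "no")}
MULTI = {"hostkey", "port", "acceptenv", "listenaddress"}  # may appear repeatedly

def parse(text):
    """Global section as {keyword: [values]}; the first value wins unless repeatable."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":
            break  # Match blocks are conditional overrides, not audited here
        if key in MULTI or key not in conf:
            conf.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return conf

def audit(text):
    conf, findings = parse(text), []
    findings += [(k, why) for k, why in LEGACY.items() if k in conf]
    for key, (want, default) in REQUIRED.items():
        got = conf.get(key, [default])[0].lower()
        if got != want:
            findings.append((key, f"effective value {got}, expected {want}"))
    for path in conf.get("hostkey", []):
        if "dsa_key" in path and "ecdsa" not in path:  # "ecdsa_key" contains "dsa_key"
            findings.append(("hostkey", f"DSA host key: {path}"))
    if conf.get("x11forwarding", ["no"])[0].lower() == "yes":
        findings.append(("x11forwarding", "on; disable unless X11 is needed"))
    return findings

# Excerpt of the configuration on this page.
SAMPLE = """\
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 1024
PermitRootLogin no
PasswordAuthentication no
X11Forwarding yes
"""
if __name__ == "__main__":
    print("\n".join(f"{k}: {why}" for k, why in audit(SAMPLE)))
```

After changing the file, `sshd -t` checks the configuration for validity before the service is restarted.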