SSH server configuration file sshd_config and its options
2022-06-27 12:28:00 【I was naughty when I was a child】
The server's sshd configuration file: /etc/ssh/sshd_config
Only the key settings are introduced here.
# Remove the leading # from a line to change that setting (for example, to change the port: Port 2222)
#Port 22 # Default port number; multiple Port lines can be used
#Port 443
#AddressFamily any # Address family: IPv4 or IPv6
#ListenAddress 0.0.0.0 # Listen address
#ListenAddress :: # Listen on all IPv6 addresses
# Host key types supported by the current version
HostKey /etc/ssh/ssh_host_rsa_key # RSA private host key
HostKey /etc/ssh/ssh_host_ecdsa_key # ECDSA private host key
HostKey /etc/ssh/ssh_host_ed25519_key # Ed25519 private host key
# Logging: where log data is written and the daemon name it is logged under
#SyslogFacility AUTH # When someone logs in to the system over SSH, sshd records it; the records go to /var/log/secure
SyslogFacility AUTHPRIV # The default is AUTH
#LogLevel INFO # Log level
# Authentication:
#LoginGraceTime 2m # How long the server waits, once the password prompt appears, for a successful login before it disconnects
PermitRootLogin yes # Whether to allow root to log in remotely
#StrictModes yes # sshd checks the permissions and ownership of the user's home directory and related files before accepting the login; if they are unsafe, the server refuses the connection
#MaxAuthTries 6 # Maximum number of authentication attempts per connection
#MaxSessions 10 # Maximum number of sessions allowed
#PubkeyAuthentication yes # Whether to allow public key authentication
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys # For key-based authentication: after the client generates a public/private key pair, the public key is placed in .ssh/authorized_keys
#AuthorizedPrincipalsFile none # File listing the principal names accepted for certificate authentication; none means no file is used
#AuthorizedKeysCommand none # Program that looks up the user's public keys for authentication; it is called during login authentication
#AuthorizedKeysCommandUser nobody # User account that AuthorizedKeysCommand runs as
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no # Whether to allow host-based authentication
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no # Whether to ignore the user's ~/.ssh/known_hosts file
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes # Do not use ~/.rhosts and ~/.shosts for authentication
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes # Whether password authentication is allowed
#PermitEmptyPasswords no # Whether empty passwords are allowed
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no # Whether to allow challenge-response authentication
# The default value is "yes"; all authentication styles allowed in login.conf are supported.
# Kerberos options: Kerberos authentication settings
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options: Generic Security Services API settings
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no
# PAM: Pluggable Authentication Modules
UsePAM yes # Use PAM for authentication
#AllowAgentForwarding yes # Whether to allow ssh-agent forwarding
#AllowTcpForwarding yes # Whether to allow TCP forwarding
#GatewayPorts no # Whether remote hosts may connect to forwarded ports
X11Forwarding yes # X Window (X11) forwarding setting
#X11DisplayOffset 10 # X Window (X11) setting
#X11UseLocalhost yes # X Window (X11) setting
#PermitTTY yes # Whether to allow a TTY
# It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
# as it is more configurable and versatile than the built-in version.
PrintMotd no # Whether to display the contents of /etc/motd after login
#PrintLastLog yes # Display last login information
#TCPKeepAlive yes # The SSH server sends keepalive messages to the client to make sure the connection is still up, so sshd notices when one side goes offline
#PermitUserEnvironment no # Whether ~/.ssh/environment and environment= options in authorized_keys are processed
#Compression delayed # Compression starts only after the user has authenticated
#ClientAliveInterval 0 # Seconds without data from the client before sshd sends a keepalive request; 0 disables it
#ClientAliveCountMax 3 # When no data is received, send at most 3 keepalive requests before disconnecting the client
#ShowPatchLevel no # Whether to display the patch level
#UseDNS no # Whether to do DNS lookups on connecting clients
#PidFile /var/run/sshd.pid # File that stores the sshd PID
#MaxStartups 10:30:100 # Maximum number of concurrent unauthenticated connections
#PermitTunnel no # Whether to allow tun device forwarding
#ChrootDirectory none # Directory to chroot into after authentication; none disables it
#VersionAddendum none # Additional text appended to the version string
# no default banner path
#Banner none # No pre-login banner is shown
# Accept locale-related environment variables
# Whether to enable the sftp service
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no # Whether to enable X11 forwarding
# AllowTcpForwarding no # Whether to allow TCP forwarding
# PermitTTY no # Whether to allow a TTY
# ForceCommand cvs server # Restrict the session to this command
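The listing above leaves PermitRootLogin, PasswordAuthentication and X11Forwarding set to yes, and it carries PasswordAuthentication twice (once commented out, once active). The following is an added example, not part of the original post: a small Python check that works out which global directives are actually in force and flags the ones a hardening review would question. The SAMPLE text is constructed, and the POLICY table and function names are assumptions of this example.

```python
# Added example: audit the directives an sshd_config leaves active.
# SAMPLE is constructed for illustration; it mirrors lines from the listing above.
SAMPLE = """\
#Port 22
PermitRootLogin yes # Whether to allow root to log in remotely
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
ChallengeResponseAuthentication no
X11Forwarding yes
PasswordAuthentication no
Match User anoncvs
    X11Forwarding no
"""

# Hypothetical review policy: keyword -> (value to flag, reason). Adjust per site.
POLICY = {
    "permitrootlogin": ("yes", "root can log in directly, including by password"),
    "passwordauthentication": ("yes", "passwords can be guessed; prefer keys"),
    "permitemptypasswords": ("yes", "accounts with empty passwords can log in"),
    "x11forwarding": ("yes", "X11 forwarding is enabled; disable it if unused"),
}

def effective_global(text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd uses the first value it obtains for each keyword, keywords are
    case-insensitive, and everything after a Match line is conditional.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or commented-out default
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break                         # the global section ends here
        value = parts[1].split(" #", 1)[0].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)   # first occurrence wins
    return settings

def audit(text):
    """Return sorted (keyword, value, reason) findings for flagged settings."""
    eff = effective_global(text)
    return sorted((k, eff[k], why) for k, (bad, why) in POLICY.items()
                  if eff.get(k, "").lower() == bad)

if __name__ == "__main__":
    for keyword, value, reason in audit(SAMPLE):
        print(f"{keyword} {value}: {reason}")
```

The later "PasswordAuthentication no" in the sample does not take effect, because the first value wins. Commented-out lines fall back to compiled-in defaults that this check does not know about, so compare the result with the output of sshd -T on the server.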