An experience of upgrading SSH!

zhaozj2021-02-16  105

Ssh upgrade their primary experience Date: 2004/07/30 Author: zcatlinux Source: zclinux

First download: openssh-3.8p1.tar.gz zlib-1.2.1.tar.gz gd-deb-1.8.4-11.i386.rpm installation: 1, TAR ZXVF ZLIB-1.2.1.tar.gz CD ZLIB -1.2.1 ./configure make make install 2, rpm -ivh gd-designall-1.8.4-11.i386.rpm 3, TAR ZXVF OPENSSH-3.8P1.TAR.GZ CD OpenSSH-3.8P1 ./configure make make INSTALL 4, UserAdd SSHD Edit Profile: 1, Vi /etc/init.d/sshd (edited) Keygen = / usr / local / bin / ssh-keygen sshd = / usr / local / sbin / sshd RSA1_Key = / usr / local / etc / ssh_host_key RSA_KEY = / usr / local // etc / ssh_host_rsa_key DSA_KEY = / usr / local // etc / ssh_host_dsa_key 2, vi / usr / local / etc / sshd_config # $ OpenBSD: sshd_config, v 1.68 2003/12/29 16:39:50 Millert EXP $

# This is the sshd server system-wide configure file. See # sshd_config (5) for more information.

# This sshd Was compiled with path = / usr / bin: / bin: / usr / sbin: / sbin: / usr / local / bin

# The strategy used Uncommented options change a # default value for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented..

Port 22 # protocol 2,1 # listenaddress 0.0.0.0 # listenaddress ::

# Hostkey for protocol version 1HostKey / usr / local / etc / ssh_host_key # hostkeys for protocol version 2HostKey / usr / local / etc / ssh_host_rsa_keyhostkey / usr / local / etc / ssh_host_dsa_key

# Lifetime and size of ephemeraral Version 1 Server KeyKeyRegenerationInterval 1HServerKeybits 768 # logging # Obsoletes Quietmode and FascistLoggingsyslogfacility Authloglevel Info

# Authentication:

LogingRacetime 2MpermitRootlogin YESSTRICTMODES YES

Rsaauthentication YespubkeyAuthentication YESAUTHORIZEDKEYSFILE .SSH / Authorized_Keys

# For this to work you will also need host keys in / usr / local / etc / ssh_known_hostsRhostsRSAAuthentication no # similar for protocol version 2HostbasedAuthentication no # Change to yes if you do not trust ~ / .ssh / known_hosts for # RhostsRSAAuthentication and HostbasedAuthenticationIgnoreUserKnownHosts no # Don't read the user's ~ / .rhosts and ~ / .shosts filesignorerhosts Yes

# To disable tunneled clear text passwords, change to no here! PasswordAuthentication YespermItemptyPasswords NO

# Change to no to disable s / key passwordschallengeresponseauthentication Yes

# Kerberos options # kerberosauthentication no # kerberosorlocalpasswd yes # kerberosticketcleanup yes # kerberosgetafstoken no

# Gssapi options # gssapiauthentication no # gssapicleanupcredentials Yes

# Set this to 'yes' to enable PAM authentication (via challenge-response) # and session processing. Depending on your PAM configuration, this may # bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords' # UsePAM no

AllowTcpForwarding yesGatewayPorts noX11Forwarding noX11DisplayOffset 10X11UseLocalhost yes # PrintMotd yesPrintLastLog yes # TCPKeepAlive yesUseLogin no # UsePrivilegeSeparation yes # PermitUserEnvironment no # Compression yes # ClientAliveInterval 0 # ClientAliveCountMax 3 # UseDNS yes # PidFile /var/run/sshd.pid#MaxStartups 10

# no default banner path # Banner / Some / Path

转载请注明原文地址:https://www.9cbs.com/read-11096.html

New Post(0)