# $ Openbsd: sshd_config, v 1.59 2002/09/25 11:17:16 Markus EXP $ # $ freebsd: src / crypto / openssh / sshd_config, v 1.4.2.13 2003/09/24 19:28:35 des Exp $
# This is the sshd server system-wide configure file. See # sshd_config (5) for more information.
# This sshd Was compiled with path = / usr / bin: / bin: / usr / sbin: / sbin
# The strategy used Uncommented options change a # default value for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented..
# Note That Some of FreeBSD's Defaults Differ from OpenBSD'S, and # Freebsd Has A Few Additional Options.
#Versionadde plEebsd-20030924
Port 22 # Listening Port
#Protocol 2,1Protocol 2 # SSH version
#ListenAddress 192.168.1.254 Binding address
#Listenaddress ::
# Hostkey for protocol version 1 # hostkey / etc / ssh / ssh_host_key # hostkeys for protocol version 2HostKey / etc / ssh / ssh_host_dsa_key
# 主 主 所 k # 使用 使用 / / # # # 使用 使用 使用 使用 使用 使用 2 使用 2 2 2 2 2 2 2
# Lifetime and size of ephemeral Version 1 Server Key # This setting is only for SSH 1 version of the KeyRegenerationInterval 3600 # server KEY Survival time, unit is the length of second serverkeybits 768 # Key
# Logging # Obsoletes Quietmode and FascistLoggingsyslogfacility Authloglevel Info.LogLOGLESLOGFCILITY
# Authentication:
LogingRacetime 600 # After connecting the password, the unit is second, this is the default, long point, it is recommended to get a short bit, let you lose your password 10 minutes? PermitRootLogin No # root can be remotely logged in, it is recommended to use SSH 1, Don't open # If you useout-password, the root cannot log in with the password, but you can use the key to log in to strictModes Yes # check the permissions of the user's directory and RHOSTS files and ownership, if other people can write, refuse to use
#Rsaauthentication yes # Only use RSA certification, only for SSH 1 version PubkeyAuthentication Yes # Using Pubkey authentication, use SSH 2 must open, only for SSH 2 version authorizedKeysfile.ssh / authorized_keys # key path and name
# RHOSTS Authentication Should Not Be UsedRhostsauthentication No # Using rhosts-based security verification, no need.
# Don't read the user's ~ / .rhosts and ~ / .shosts filesignorerhosts Yes # Not used ~ / .rhosts ~ / .shosts, these 2 files Certified # for this to work you will also need Host Keys In / ETC / ssh / ssh_known_hosts # rhostsrsaauthentication no # Using RHOST file authentication, only for SSH 1
# Similar for Protocol Version 2HostBaseDAuthentication No # Using rhost file authentication, only for SSH 2
# Change to yes if you don't trust ~ / .ssh / knower_hosts for # rhostsrsaauthentication and hostbasedAuthentication # Do not use ~ / .ssh / knower_hosts file, we want to use, choose NO, the default is also no # ignoreuserknownhosts no
# T disable tunneled clear text passwords, change to no here! PasswordAuthentication no # Do not use password verification, use SSH 2 to close
PermiteMptyPasswords No # Using a null password, close the default
# Change to no to disable Pam Authentication NO # Any password authentication, we use key authentication, close, this default is YES. Use Key certification, must be closed
# Kerberos options # kerberosauthentication no # kerberosorlocalpasswd yes # kerberosticketcleanup Yes
#Afstokenpassing no
# Kerberos TGT Passing Only Works with the Afs Kaserver # kerberostgtpassing no
# X11forwarding yesx11forwarding no # Set whether to allow x11 Forward, the default is allowed # x11displayoffset 10 # x11uSelocalhost YESX11USELOCALHOST NO # Using the local host #printmotd YES # Show the contents of the MOTD file #printlastlog YES # Show the last login information, the default is open # Keepalive Yes
# USelogin no
# USEPRIVILEGESEPARATION YES
#Ppermituserenvironment no # Using an account environment
#Compression yes # Compressed data, default compression
#Maxstartups 10 # Maximum number of unregistered connections, build a big bit # no Default banner path # banner / some / path # verifyreverseMapping no
# Override default of no subsystemssubsystem sftp / usr / libexec / sftp-server
ALLOWGROUPS WHEEL # Allowed group allowuses # Allowed users
TIP ~
SSHD settings, please refer to the configuration file above SSH 21. Generate the keySH-KEYGEN -T DSA used by SSH2
2.cp id_dsa.pub to the remote host ~ / .ssh / under CAT ID_DSA.PUB >> ~ / .ssh / authorized_keysrm id_dsa.pubchmod 700 ~ / .ssh / authorized_keys
Do not use mv or CP to generate an Authorized_Keys file because it will make your other Pubkey lose authorized_keys can include multiple Pubkey3.SSH -I ID_DSA User @ HostName Connect Host Enter KEY passwords to connect to connect to connect SSH 2 Server SecureCRT Key and SSHD are incompatible, format issues need to convert identity.pub generated Pubkey conversion ssh-keygen -x -f iDENTITY.PUB> Identity.pub2 joose Authorized_KeysRM for secureCRT Identity.pub * You can connect the key pair generated by SecureCRT and the key generated by the SecureCRT, which can only know the format of its key, so that both can only know the format of their key, so they can use SecureCRT The OpenSSH connection is used to use their own key format. You can generate it with any method and then use SSH-Keygen -i to convert the key format generated by SecureCrt to OpenSsh, or use ssh-keygen -e OpenSSH's key format is converted to SecureCRT to identify IETF Secsh formats. Cygwin-> WIN list Cygcrypto-0.9.7.dllcygminires.dllcygwin1.dllcygz.dllscp.exesftp.exessh-add.exessh-agent.exessh-keygen.exessh-keyscan.exessh.exessh_config
SecureCRT cygwin_ssh http://tmdnet.3322.org/kidsftp commandcd path Change remote directory to 'path' remote switching path lcd path Change local directory to 'path' local switching path chgrp grp path Change group of file 'path' to 'grp 'Change group chmod mode path' to 'Mode' Change Permissions Chown OWN PATH CHANGE OWNER OF FILE 'PATH' TO 'OWN' Change The main Help Display this Help Text help get remote-path [local- path] Download file download file lls [ls-options [path]] display local directory listing the list of local directory ln oldpath newpath Symlink remote file to establish a connection lmkdir path Create local directory local directory lpwd Print local working directory to display the local working directory ls [path ] Display Remote Directory Listing List Remote Directory LUMASK UMASK SET LOCAL UMASK To 'Umask' Set Local Umaskmkdir Path Create Remote Directory Established Remote Directory Progress Toggle Display of progress meter off the display of the progress bar put local-path [remote-path] Upload file upload files pwd Display remote working directory displays the remote working directory exit Quit sftp exit sftp environment quit Quit sftp exit sftp environmental rename oldpath newpath Rename remote file renaming remote files RMDir Path Remove Remote Directory Remove Remote Directory RM Path Delete Remote File Remove Remote File Symlink OldPath NewPath Symlink Remote File Establishs Connection Version Show SFTP Version View Version! Command Execute 'Command'
