centos7 ssh

fazhilun · Jul 22, 2016 · 1dddd7e · 1dddd7e
1 parent f975a92
commit 1dddd7e
Showing 1 changed file with 43 additions and 0 deletions.
diff --git a/ssh/ssh_config_centos7.sh b/ssh/ssh_config_centos7.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+## SSH   2016-07-22
+## http://www.aqzt.com
+##email: [email protected]
+##robert yu
+##centos 7
+
+
+##SSH配置优化
+cat /etc/ssh/sshd_config
+Port 22
+AddressFamily inet
+ListenAddress 0.0.0.0
+Protocol 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+SyslogFacility AUTHPRIV
+PermitRootLogin yes
+MaxAuthTries 6
+RSAAuthentication yes
+PubkeyAuthentication yes
+AuthorizedKeysFile	.ssh/authorized_keys
+PasswordAuthentication yes
+ChallengeResponseAuthentication no
+UsePAM yes
+UseDNS no
+X11Forwarding yes
+UsePrivilegeSeparation sandbox
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+Subsystem       sftp    /usr/libexec/openssh/sftp-server
+
+
+##SSH禁止IPv6,只要ipv4
+AddressFamily inet
+ListenAddress 0.0.0.0
+
+##不建议启用这两个配置，会导致SSH慢
+#GSSAPIAuthentication yes
+#GSSAPICleanupCredentials yes