SisMaker
2 years ago
2 changed files with 150 additions and 0 deletions
Split View
Diff Options
+ 4
- 0
src/docs/centos/centos容器开机启动ssh.md
View File
| @ -0,0 +1,4 @@ | |||
| centos 开机启动ssh 放置 /etc/profile.d/startSSH.sh | |||
| startSSH.sh 内容 | |||
| /usr/sbin/sshd | |||
+ 146
- 0
src/docs/centos/sshd_config
View File
| @ -0,0 +1,146 @@ | |||
| # This is the sshd server system-wide configuration file. See | |||
| # sshd_config(5) for more information. | |||
| # This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin | |||
| # The strategy used for options in the default sshd_config shipped with | |||
| # OpenSSH is to specify options with their default value where | |||
| # possible, but leave them commented. Uncommented options override the | |||
| # default value. | |||
| # If you want to change the port on a SELinux system, you have to tell | |||
| # SELinux about this change. | |||
| # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER | |||
| # | |||
| Port 2223 | |||
| #AddressFamily any | |||
| #ListenAddress 0.0.0.0 | |||
| #ListenAddress :: | |||
| HostKey /etc/ssh/ssh_host_rsa_key | |||
| HostKey /etc/ssh/ssh_host_ecdsa_key | |||
| HostKey /etc/ssh/ssh_host_ed25519_key | |||
| # Ciphers and keying | |||
| #RekeyLimit default none | |||
| # System-wide Crypto policy: | |||
| # This system is following system-wide crypto policy. The changes to | |||
| # Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any | |||
| # effect here. They will be overridden by command-line options passed on | |||
| # the server start up. | |||
| # To opt out, uncomment a line with redefinition of CRYPTO_POLICY= | |||
| # variable in /etc/sysconfig/sshd to overwrite the policy. | |||
| # For more information, see manual page for update-crypto-policies(8). | |||
| # Logging | |||
| #SyslogFacility AUTH | |||
| SyslogFacility AUTHPRIV | |||
| #LogLevel INFO | |||
| # Authentication: | |||
| #LoginGraceTime 2m | |||
| PermitRootLogin yes | |||
| #StrictModes yes | |||
| #MaxAuthTries 6 | |||
| #MaxSessions 10 | |||
| #PubkeyAuthentication yes | |||
| # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 | |||
| # but this is overridden so installations will only check .ssh/authorized_keys | |||
| AuthorizedKeysFile .ssh/authorized_keys | |||
| #AuthorizedPrincipalsFile none | |||
| #AuthorizedKeysCommand none | |||
| #AuthorizedKeysCommandUser nobody | |||
| # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | |||
| #HostbasedAuthentication no | |||
| # Change to yes if you don't trust ~/.ssh/known_hosts for | |||
| # HostbasedAuthentication | |||
| #IgnoreUserKnownHosts no | |||
| # Don't read the user's ~/.rhosts and ~/.shosts files | |||
| #IgnoreRhosts yes | |||
| # To disable tunneled clear text passwords, change to no here! | |||
| #PasswordAuthentication yes | |||
| #PermitEmptyPasswords no | |||
| PasswordAuthentication yes | |||
| # Change to no to disable s/key passwords | |||
| #ChallengeResponseAuthentication yes | |||
| ChallengeResponseAuthentication no | |||
| # Kerberos options | |||
| #KerberosAuthentication no | |||
| #KerberosOrLocalPasswd yes | |||
| #KerberosTicketCleanup yes | |||
| #KerberosGetAFSToken no | |||
| #KerberosUseKuserok yes | |||
| # GSSAPI options | |||
| GSSAPIAuthentication yes | |||
| GSSAPICleanupCredentials no | |||
| #GSSAPIStrictAcceptorCheck yes | |||
| #GSSAPIKeyExchange no | |||
| #GSSAPIEnablek5users no | |||
| # Set this to 'yes' to enable PAM authentication, account processing, | |||
| # and session processing. If this is enabled, PAM authentication will | |||
| # be allowed through the ChallengeResponseAuthentication and | |||
| # PasswordAuthentication. Depending on your PAM configuration, | |||
| # PAM authentication via ChallengeResponseAuthentication may bypass | |||
| # the setting of "PermitRootLogin without-password". | |||
| # If you just want the PAM account and session checks to run without | |||
| # PAM authentication, then enable this but set PasswordAuthentication | |||
| # and ChallengeResponseAuthentication to 'no'. | |||
| # WARNING: 'UsePAM no' is not supported in Fedora and may cause several | |||
| # problems. | |||
| UsePAM yes | |||
| #AllowAgentForwarding yes | |||
| #AllowTcpForwarding yes | |||
| #GatewayPorts no | |||
| X11Forwarding yes | |||
| #X11DisplayOffset 10 | |||
| #X11UseLocalhost yes | |||
| #PermitTTY yes | |||
| # It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd, | |||
| # as it is more configurable and versatile than the built-in version. | |||
| PrintMotd no | |||
| #PrintLastLog yes | |||
| #TCPKeepAlive yes | |||
| #PermitUserEnvironment no | |||
| #Compression delayed | |||
| #ClientAliveInterval 0 | |||
| #ClientAliveCountMax 3 | |||
| #UseDNS no | |||
| #PidFile /var/run/sshd.pid | |||
| #MaxStartups 10:30:100 | |||
| #PermitTunnel no | |||
| #ChrootDirectory none | |||
| #VersionAddendum none | |||
| # no default banner path | |||
| #Banner none | |||
| # Accept locale-related environment variables | |||
| AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES | |||
| AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT | |||
| AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE | |||
| AcceptEnv XMODIFIERS | |||
| # override default of no subsystems | |||
| Subsystem sftp /usr/libexec/openssh/sftp-server | |||
| # Example of overriding settings on a per-user basis | |||
| #Match User anoncvs | |||
| # X11Forwarding no | |||
| # AllowTcpForwarding no | |||
| # PermitTTY no | |||
| # ForceCommand cvs server | |||