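ip addr    # Show addresses assigned to all network interfaces (the local machine's IP addresses and related information)
ip neigh   # Show the current neighbour table in the kernel (the IP addresses of network neighbours)
ip route   # Show the routing table (routing information)
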
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
AllowTcpForwarding no
#GatewayPorts no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#PermitUserEnvironment no
Compression yes
# Send a packet every 120 seconds to check whether the client is still alive
ClientAliveInterval 120
# Close the session once 20 checks go unanswered, i.e. the connection is dropped
# only after 40 minutes of inactivity; this keeps connections up for longer
# without being cut off
ClientAliveCountMax 20
UseDNS no
PidFile /var/run/sshd.pid
MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server
#	PasswordAuthentication no

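I remember that when I first set up the server, I went through the whole process too slowly, learning each step as I went, so too much time passed between copying over the public key and turning off password login. I hadn't changed the port either, and I even went out for a meal in the middle, so all in all it took four or five hours. Once everything was sorted out I looked at the log and found the screen full of login attempts. Most of the source IP addresses were in the Netherlands (Normal Shutdown, Thank you for playing [preauth]), while my own logins were few and far between. Some attempts came from Germany, and the usernames were actually in pinyin, which is really going too far.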
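The log review described above, as an added example that is not part of the original post: a Python script that tallies failed attempts by source IP and username, counts pre-auth disconnects, and lists accepted logins so that any password login from the exposure window stands out. The sample lines are constructed in OpenSSH's usual syslog wording, with documentation-range addresses and made-up hostnames and usernames.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's usual syslog wording; the addresses are
# RFC 5737 documentation ranges and the host and usernames are made up.
SAMPLE_LOG = """\
Mar  3 12:01:10 vps sshd[811]: Invalid user zhangwei from 198.51.100.7 port 51234
Mar  3 12:01:12 vps sshd[811]: Failed password for invalid user zhangwei from 198.51.100.7 port 51234 ssh2
Mar  3 12:01:15 vps sshd[815]: Failed password for root from 192.0.2.10 port 40022 ssh2
Mar  3 12:01:16 vps sshd[815]: Received disconnect from 192.0.2.10 port 40022:11: Normal Shutdown, Thank you for playing [preauth]
Mar  3 12:01:20 vps sshd[820]: Failed password for root from 192.0.2.10 port 40100 ssh2
Mar  3 12:01:21 vps sshd[820]: Received disconnect from 192.0.2.10 port 40100:11: Normal Shutdown, Thank you for playing [preauth]
Mar  3 12:30:02 vps sshd[901]: Accepted publickey for alice from 203.0.113.5 port 50000 ssh2: ED25519 SHA256:(fingerprint elided)
Mar  3 12:31:40 vps sshd[905]: Failed password for invalid user liming from 198.51.100.7 port 51300 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed (\S+) for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
PREAUTH = re.compile(r"sshd\[\d+\]: Received disconnect from (\S+) port \d+.*\[preauth\]")


def summarize(log_text):
    """Tally failed attempts per source and username, and list accepted logins."""
    failed_by_ip, failed_users, preauth_drops = Counter(), Counter(), Counter()
    accepted = []
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            _method, user, ip = m.groups()
            failed_by_ip[ip] += 1
            failed_users[user] += 1
        elif m := ACCEPTED.search(line):
            accepted.append(m.groups())  # (method, user, ip)
        elif m := PREAUTH.search(line):
            preauth_drops[m.group(1)] += 1  # client hung up before authenticating
    return {
        "failed_by_ip": failed_by_ip,
        "failed_users": failed_users,
        "preauth_drops": preauth_drops,
        "accepted": accepted,
        # A password login accepted while PasswordAuthentication was still on
        # is the entry to check against your own sessions.
        "password_logins": [a for a in accepted if a[0] == "password"],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, n in report["failed_by_ip"].most_common():
        print(f"{n:4d} failed attempts from {ip}")
    print("accepted:", report["accepted"])
    print("password logins to review:", report["password_logins"])
```

To run it on a real host, pass the text of the sshd log to `summarize()`; where that log lives depends on the distribution's syslog or journal setup.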