Linux SysOps: SSH Connection Speed Optimization Tips
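SSH (Secure Shell) is a network protocol for securely executing remote commands and transferring files over an insecure network. As Linux system operations staff, we often use SSH to connect to servers remotely for administration and maintenance. Sometimes, however, SSH connections are slow, which hurts our productivity. This article introduces some techniques for optimizing SSH connection speed and provides concrete configuration examples.
Using the SSH configuration file
The SSH server configuration file is located at /etc/ssh/sshd_config, and several parameters in it can be set to optimize SSH connection speed. The following are some commonly used options:
TCPKeepAlive: This option controls whether TCP keepalive packets are sent, which keeps the SSH connection active. Setting it to "yes" can improve connection speed and reduce the likelihood of dropped connections.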
TCPKeepAlive yes
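ClientAliveInterval and ClientAliveCountMax: These two options are used to detect idle connections and disconnect them automatically. The default interval is 0, which disables the feature. You can set ClientAliveInterval to a time interval (such as 60 seconds) and ClientAliveCountMax to a number of attempts (such as 3) to keep SSH connections active.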
ClientAliveInterval 60
ClientAliveCountMax 3
UseDNS: If your network environment does not have a DNS service enabled, you can set UseDNS to "no", which speeds up SSH connections.
UseDNS no
Compression: Enabling data compression reduces the amount of data transferred, which improves connection speed. However, if you have plenty of network bandwidth, you may not need to enable this option.
Compression yes
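Using SSH Agent Forwarding
SSH Agent Forwarding is a feature that passes the SSH keys on the local computer to the remote server, so that you do not have to enter a password repeatedly. Before using SSH Agent Forwarding, make sure that SSH keys have already been set up on the local computer.
On the local computer, simply run the following command: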
ssh-add
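Then connect to the remote server over SSH. This avoids entering a password on every connection and improves connection speed.
Using connection multiplexing
SSH connection multiplexing means opening new sessions over an SSH connection that is already established, without authenticating again or setting up a new connection. This reduces connection setup time and improves connection speed. Add the following options to the SSH configuration file to enable connection multiplexing (these are client options, so they belong in ~/.ssh/config or /etc/ssh/ssh_config rather than sshd_config):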
ControlMaster auto
ControlPath ~/.ssh/socket-%r@%h:%p
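Adjusting SSH encryption algorithms
By default, some of the encryption algorithms SSH uses are relatively slow, and adjusting them can improve connection speed. In the SSH configuration file, add the following options or change them to suitable algorithms: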
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha2-512,hmac-sha2-256
KexAlgorithms diffie-hellman-group-exchange-sha256
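Optimizing server-side configuration
On the server side, SSH connection speed can be optimized in the following ways:
Disable GSSAPI authentication: Adding the following options to the SSHD configuration file disables GSSAPI authentication.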
GSSAPIAuthentication no
GSSAPICleanupCredentials no
Limit the maximum number of connections: Limiting the maximum number of concurrent connections on the SSH server reduces CPU and memory usage, which improves connection speed.
MaxSessions 10
×ܽ᣺
ͨ¹ýÉÏÊöµÄÓÅ»¯¼¼ÇɺÍÉèÖÃʾÀý£¬ÎÒÃÇ¿ÉÒÔÏÔÖøÌá¸ßSSHÅþÁ¬ËÙÂÊ£¬ïÔ̲»ÐëÒªµÄÆÚ´ýʱ¼ä£¬´Ó¶øÌá¸ßÊÂÇéЧÂÊ¡£¿ÉÊÇ£¬²î±ðµÄÇéÐκÍÐèÇó¿ÉÄÜÐèÒª²î±ðµÄÓÅ»¯Õ½ÂÔ£¬½¨Òéƾ֤ÏÖÕæÏàÐξÙÐе÷½âºÍ²âÊÔ¡£
×¢ÖØ£ºÔÚ¾ÙÐÐÈκÎÉèÖøü¸Ä֮ǰ£¬ÇëÈ·±£ËùÓÐÉèÖÃÎļþµÄ±¸·Ý£¬²¢²âÊÔеÄÉèÖÃÊÇ·ñÊÂÇéÕý³£¡£
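One way to test an edited file before applying it, as an added example that is not part of the original article: the Python code below compares the global section of an sshd_config with the values suggested above. It relies on two documented sshd behaviours (the first value read for a keyword wins, and lines after a Match keyword are conditional); the SAMPLE text and the function names are constructed for illustration.

```python
import re
# Values suggested in this article, keyed by lowercased sshd_config keyword.
RECOMMENDED = {
    "tcpkeepalive": "yes", "usedns": "no", "compression": "yes",
    "clientaliveinterval": "60", "clientalivecountmax": "3",
    "gssapiauthentication": "no", "gssapicleanupcredentials": "no",
    "maxsessions": "10",
}
# ssh client keywords; they are not valid in sshd_config.
CLIENT_ONLY = {"controlmaster", "controlpath"}
LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)$")

def effective_globals(text):
    """Return {keyword: value} for the global section of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if raw.lstrip().startswith("#") or not m:
            continue  # comment, blank line, or keyword without a value
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            break  # everything after Match is conditional, not global
        seen.setdefault(key, value)  # sshd keeps the first value it reads
    return seen

def audit(text):
    """Return sorted (keyword, problem) findings for the given config text."""
    conf, findings = effective_globals(text), []
    for key, want in RECOMMENDED.items():
        got = conf.get(key)
        if got is None:
            findings.append((key, "not set globally, sshd default applies"))
        elif got.lower() != want:
            findings.append((key, f"effective {got!r}, article suggests {want!r}"))
    for key in CLIENT_ONLY & conf.keys():
        findings.append((key, "ssh client option, move to ~/.ssh/config"))
    return sorted(findings)

# Constructed sample: UseDNS is set twice, MaxSessions only inside a Match block.
SAMPLE = "\n".join([
    "UseDNS yes", "TCPKeepAlive yes", "Compression yes",
    "ClientAliveInterval 60", "ClientAliveCountMax 3",
    "GSSAPIAuthentication no", "GSSAPICleanupCredentials no",
    "ControlMaster auto", "UseDNS no",
    "Match User backup", "    MaxSessions 10",
])

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample, the later "UseDNS no" line has no effect because the earlier "UseDNS yes" is read first, which is why a setting appended to the end of an existing file should be checked against earlier lines.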
ÒÔÉϾÍÊÇLinux SysOps SSHÅþÁ¬ËÙÂÊÓÅ»¯¼¼ÇɵÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡