Learning OpenSSH for the RHCE

Source: Internet
Author: User

The OpenSSH service requires four software packages.

openssh-4.3p2-24.el5.i386.rpm: Contains the core files required by the OpenSSH server and client.
openssh-askpass-4.3p2-24.el5.i386.rpm: Provides a dialog box for entering passwords. It is a password dialog tool based on the X Window System.
openssh-clients-4.3p2-24.el5.i386.rpm: OpenSSH client software package
openssh-server-4.3p2-24.el5.i386.rpm: OpenSSH server software package

If any of them is not installed, install it.

OpenSSH configuration file

There are two common OpenSSH configuration files: /etc/ssh/ssh_config and /etc/ssh/sshd_config.

ssh_config is the client configuration file, while sshd_config is the server configuration file.

ssh_config configuration file

Host: Specifies the hosts to which the settings that follow apply. "*" matches all computers.
ForwardAgent: Sets whether the connection to the authentication agent (if any) is forwarded to the remote computer.
ForwardX11: Sets whether X11 connections are automatically redirected over the secure channel and DISPLAY is set.
RhostsAuthentication: Sets whether to use rhosts-based security verification.
RhostsRSAAuthentication: Sets whether to use the RSA algorithm for rhosts-based security verification.
RSAAuthentication: Sets whether to use the RSA algorithm for security verification.
PasswordAuthentication: Sets whether to use password verification.
HostbasedAuthentication: Sets whether to use host-based authentication.
FallBackToRsh: Sets whether to fall back to RSH automatically if an error occurs during the SSH connection.
UseRsh: Sets whether to use rlogin/rsh on this computer.
BatchMode: If it is set to yes, the prompt for a passphrase/password is disabled. This option is very useful for script files and batch processing tasks, where the password cannot be entered interactively.
CheckHostIP: Sets whether SSH also checks the IP address of the host it connects to, in order to prevent DNS spoofing. We recommend that you set it to yes.
AddressFamily: Specifies which address family to use when connecting.
ConnectTimeout: Sets the connection timeout.
StrictHostKeyChecking: If it is set to yes, SSH will not automatically add the computer's key to the $HOME/.ssh/known_hosts file, and once the computer's key changes, the connection will be rejected.
IdentityFile: Sets the file from which the user's RSA authentication identity is read.
Port: Sets the port to connect to on the remote host.
Protocol: Sets the SSH protocol version used by the client.
Cipher: Sets the encryption mode.
Ciphers: Specifies the encryption algorithms that SSH-2 can use.
EscapeChar: Sets the escape character.
Tunnel: Sets whether tunnel device forwarding is requested, for traversing untrusted networks.
TunnelDevice any:any
PermitLocalCommand no

/etc/ssh/sshd_config configuration file

Port 22
Set the sshd listening port number
ListenAddress 0.0.0.0
Set the IP address bound to the sshd server. 0.0.0.0 indicates listening to all IP addresses.
HostKey /etc/ssh/ssh_host_key
Sets the file containing the private key of the computer
ServerKeyBits 768
Define the server key length
LoginGraceTime 2m
Sets how long the server waits (in seconds) before disconnecting if the user has not logged on successfully.
KeyRegenerationInterval 1h
Sets the number of seconds after which the server key is automatically regenerated. Regenerating the key prevents intercepted information from being decrypted using a stolen key.
PermitRootLogin no
To ensure server security, we recommend that you set PermitRootLogin to no.
StrictModes yes
Sets whether SSH checks the permissions and ownership of the user's home directory and rhosts files before accepting logon requests. This guards against directories and files that anyone can write to.
RhostsAuthentication no
Sets whether security verification by rhosts or /etc/hosts.equiv alone is allowed.
RhostsRSAAuthentication no
Sets whether rhosts or /etc/hosts.equiv may be used together with RSA for security verification.
RSAAuthentication yes
Sets whether pure RSA security verification is allowed.
IgnoreUserKnownHosts no
Sets whether the ssh daemon ignores $HOME/.ssh/known_hosts during RhostsRSAAuthentication security authentication.
IgnoreRhosts yes
Sets whether the rhosts and shosts files are ignored during verification.
PasswordAuthentication yes
Set whether to allow password verification.
PermitEmptyPasswords no
Set whether to allow logon with an account with a blank password.
X11Forwarding yes
Set whether to allow X11 forwarding
PrintMotd yes
Sets whether sshd displays the contents of /etc/motd upon user logon.
SyslogFacility AUTH
Sets the facility code used when messages from sshd are logged.
LogLevel INFO
Sets the level for logging sshd log messages.
AllowUsers michael
Sets the users allowed to log on; there can be multiple user names, separated by spaces.
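
An added example, not part of the original page: a small shell audit that reports where an sshd_config differs from the values in the listing above. It relies on sshd using the first occurrence of each keyword and treating keywords case-insensitively; the function names, the five keywords checked and the sample file are choices made for this example.

```shell
# Added example (not from the original page): audit an sshd_config file.
# sshd keywords are case-insensitive and the FIRST occurrence of a keyword wins.

# effective_value FILE KEYWORD: print the value sshd would use (nothing if unset)
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t=]+/)) next     # keyword without a value
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == want) { print val; exit }  # first occurrence wins
        }' "$1"
}

# audit_sshd FILE: report keywords that differ from the listing on this page.
# Returns 1 if anything was reported, 0 otherwise.
audit_sshd() {
    rc=0
    for pair in PermitRootLogin=no PermitEmptyPasswords=no StrictModes=yes \
                IgnoreRhosts=yes RhostsRSAAuthentication=no; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key" | tr 'A-Z' 'a-z')
        if [ -z "$got" ]; then
            echo "UNSET $key (listing has '$want'; sshd default applies)"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "DIFF $key=$got (listing has '$want')"; rc=1
        fi
    done
    return $rc
}

# Constructed sample input, not taken from a real host.
sample_config() {
    cat <<'EOF'
# PermitEmptyPasswords no
permitrootlogin yes
StrictModes yes
IgnoreRhosts=yes
PermitRootLogin no
EOF
}

tmp=$(mktemp); sample_config > "$tmp"; audit_sshd "$tmp" || true; rm -f "$tmp"
```

In the sample, the later "PermitRootLogin no" line has no effect because the earlier lower-case "permitrootlogin yes" is read first, and the commented-out line counts as unset.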
