[Reprint] Linux SSH Client Configuration - Basic Knowledge

Source: Internet
Author: User

Original link: http://www.hao32.com/unix-linux/462.html

Configuration Files ~/.ssh/config and /etc/ssh/ssh_config

14.01.

You generally do not need to modify the OpenSSH client configuration files. For a given user there are two configuration files: ~/.ssh/config (user-specific) and /etc/ssh/ssh_config (global, shared by all users). OpenSSH reads these files in that order and, for a given parameter, uses the first value it finds. A user can therefore override a global setting by setting the same parameter in their own configuration file. Parameters given on the ssh or scp command line take precedence over parameters set in either file.

The user's ~/.ssh/config file must be owned by the user (the owner of the directory ~/) and must not be writable by anyone other than the owner. Otherwise, the client prints an error message and exits. The mode of this file is usually set to 600, because nobody but its owner has reason to read it.

The configuration lines in these configuration files contain declarations that begin with a keyword (case-insensitive), followed by whitespace, and finally the argument (case-sensitive).

You can use the keyword Host to make declarations apply to a specific system. A Host declaration applies to all configuration lines between it and the next Host declaration. In the host name you can use the wildcard characters * and ?.

Host hostnames

Specifies that the following declarations (until the next Host declaration) apply only to hostnames. The hostnames format should be the same as the format used on the command line, and it can also contain the wildcard characters * and ?. A single * specifies all hosts.

CheckHostIP yes | no

If set to yes (the default), you can use an IP address, in addition to the host name, to identify a system in the known_hosts file. If set to no, only the host name can be used.

ForwardX11 yes | no

If set to yes, the X11 connection is automatically forwarded in untrusted mode via a secure channel, and the shell variable DISPLAY is set. You can also use the option "-X" on the command line to redirect X11 connections in untrusted mode. The default value for this parameter is no. To make X11 forwarding work, you must also set X11Forwarding to yes in the /etc/sshd_config file on the server. See section 1.6, "X11 forwarding" for more information.

ForwardX11Trusted yes | no

If set to yes, the X11 connection is automatically forwarded in trusted mode via a secure channel, and the shell variable DISPLAY is set. You can also use the option "-Y" on the command line to redirect X11 connections in trusted mode. The default value for this parameter is no, but Red Hat Linux sets it to yes. To make X11 forwarding work, you must also set X11Forwarding to yes in the /etc/sshd_config file on the server. See section 1.6, "X11 forwarding" for more information.

HostbasedAuthentication yes | no

If set to yes, the client attempts rhosts authentication. For systems with higher security requirements, set it to no (the default).

HostKeyAlgorithms algorithms

Where algorithms is a comma-delimited list of algorithms that the client uses in order of priority. Select the algorithms from ssh-rsa or ssh-dss (the default value is "ssh-rsa,ssh-dss").

TCPKeepAlive yes | no

If set to yes (the default), the connection is periodically checked to see whether it is still alive. If the server crashes or the connection dies for some other reason, this check causes the ssh or scp connection to be dropped, even if the problem is temporary. Setting this parameter to no causes the client not to check whether the connection is alive.

This declaration uses the TCP keepalive option, which is not encrypted and is susceptible to IP spoofing. If you want an alternative that is not susceptible to IP spoofing, you can use the server-based technique; see section 1.4, "ClientAliveInterval" in section 6.

StrictHostKeyChecking yes | no | ask

Determines whether and how OpenSSH adds host keys to the user's known_hosts file. If set to ask (the default), the client asks whether to add the host key when connecting to a new system; if set to no, the host key is added automatically; if set to yes, the host key must be added manually. If you set the parameter to yes or ask, OpenSSH refuses to connect to a system whose host key has changed. For systems with high security requirements, set this parameter to yes or ask.

User name

Specifies the user name to use when logging in to the system. Use a Host declaration to specify the system. With this option you do not have to enter a user name on the command line when you log in to a remote system on which your user name differs from the one you use on the local system.

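Two useful parameters resolve the login conflict that arises when multiple systems share a single IP address, so that you do not have to modify or delete the known_hosts file every time. With them the client accepts whatever host key is presented and records none: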

StrictHostKeyChecking no
UserKnownHostsFile /dev/null
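
The lookup order and Host matching described earlier, together with the effect of the two parameters above, as an added example (not code from the original article): a simplified Python resolver that applies "first value found wins" across command line, user file and global file, then reports whether host key verification is effectively off for a host. The sample configurations and host names are constructed; negated patterns, Match blocks and multi-valued keywords are not modelled.

```python
import re

# Constructed sample files and host names (not from the original article).
USER_CONFIG = """\
Host lab-??
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
Host *
    User alice
    StrictHostKeyChecking ask
"""
GLOBAL_CONFIG = """\
Host *
    StrictHostKeyChecking yes
    User root
"""

def host_matches(pattern, host):
    """Match a Host pattern: * is any run of characters, ? is exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, host) is not None

def parse(text):
    """Yield (host_patterns, keyword, argument) for each declaration."""
    patterns = ["*"]  # lines before the first Host apply to every host
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "host":  # keywords are case-insensitive
            patterns = parts[1].split()
        else:
            yield patterns, parts[0].lower(), parts[1]

def effective(host, cli_options, *config_texts):
    """Command line first, then each file in order; the first value found wins."""
    result = {k.lower(): v for k, v in cli_options.items()}
    for text in config_texts:
        for patterns, keyword, arg in parse(text):
            if keyword not in result and any(host_matches(p, host) for p in patterns):
                result[keyword] = arg
    return result

def host_keys_unverified(o):
    """True when both parameters from the article are in effect for the host."""
    return o.get("stricthostkeychecking") == "no" and o.get("userknownhostsfile") == "/dev/null"

if __name__ == "__main__":
    for name in ("lab-07", "db.example.com"):
        opts = effective(name, {}, USER_CONFIG, GLOBAL_CONFIG)
        print(name, opts, "unverified" if host_keys_unverified(opts) else "verified")
```

Because the two parameters sit under `Host lab-??`, only the constructed lab hosts lose host key verification; every other host still resolves to `ask` from the user file, ahead of the global `yes`.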
