Rsync + ssh configuration details

Source: Internet
Author: User
Tags: hmac, sha1, syslog, keep alive

Test environment: Solaris 10 (rsync server), IP 192.168.71.98;
Red Hat 9 (rsync client), IP 192.168.71.178;
rsync-2.6.8 + openssh-4.3p2-sol10-x86-local

Test content: synchronize the files under /root/ on the client into the /src directory on the server.

1) Client configuration (192.168.71.178, Red Hat):

In the home directory of the user to be authorized, here root, generate a key pair:

ssh-keygen -t rsa -b 2048 -f /root/.ssh/hostkey

If the .ssh directory does not exist, create it manually. Two files are generated in this directory: hostkey (the private key) and hostkey.pub (the public key).

Copy the generated hostkey.pub to the server, since it is what the server uses to authenticate the client (root's home directory on Solaris 10 is /, so its .ssh directory is /.ssh):

scp /root/.ssh/hostkey.pub 192.168.71.98:/.ssh/

2) Server configuration (192.168.71.98, Solaris 10):

A. In /etc/hosts.allow add the line "sshd: 192.168.71.178" so that the client is allowed to log in;

B. In the /.ssh directory create the key file by hand and restrict its permissions: touch authorized_keys; chmod 600 authorized_keys. Then import the hostkey.pub copied from the client with scp by appending it: cat hostkey.pub >> authorized_keys.
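The post appends the public key to authorized_keys bare, which lets the key open a full shell from anywhere. The following is an added example, not code from the original post: it installs the same hostkey.pub as a restricted key (accepted only from the rsync client's address, with forwarding and tty disabled) and creates the directory and file with the modes that StrictModes yes expects. The key material and the directories are constructed for the demonstration; the client address 192.168.71.178 is the one used in the post.

```shell
#!/bin/sh
# Added example, not part of the original post: install the client's hostkey.pub
# into the server's authorized_keys as a restricted key instead of appending it
# bare. The key material and directories below are constructed for the demo;
# the client address 192.168.71.178 is the one used in the post.

# Build one authorized_keys line that limits what the key may do:
#   from="<ip>"          the key is accepted only from the rsync client address
#   no-port-forwarding   the rsync key cannot open TCP tunnels
#   no-X11-forwarding    ... or X11 sessions
#   no-agent-forwarding  ... or reach the client's ssh-agent
#   no-pty               ... or get an interactive terminal (rsync needs none)
# $1 = path to the client's public key file, $2 = permitted source address
restrict_key_line() {
    pubkey_file="$1"
    source_ip="$2"
    # hostkey.pub holds exactly one key; take the first line defensively.
    key=$(head -n 1 "$pubkey_file")
    printf 'from="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$source_ip" "$key"
}

# Create ~/.ssh and authorized_keys with the modes StrictModes requires
# (700 on the directory, 600 on the file) and append the restricted line.
# $1 = home directory of the account, $2 = public key file, $3 = source address
install_key() {
    home_dir="$1"
    pubkey_file="$2"
    source_ip="$3"
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_file"
    chmod 600 "$auth_file"
    # Append rather than overwrite, so keys already authorised for other
    # clients are kept.
    restrict_key_line "$pubkey_file" "$source_ip" >> "$auth_file"
}

# Print "ok" when the modes match what sshd's StrictModes accepts, otherwise
# print the offending mode strings. Uses ls -ld so it also works on Solaris.
# $1 = home directory of the account
check_perms() {
    home_dir="$1"
    dir_mode=$(ls -ld "$home_dir/.ssh" | cut -c1-10)
    file_mode=$(ls -ld "$home_dir/.ssh/authorized_keys" | cut -c1-10)
    if [ "$dir_mode" = "drwx------" ] && [ "$file_mode" = "-rw-------" ]; then
        echo ok
    else
        echo "bad modes: $dir_mode $file_mode"
    fi
}

# Demonstration on a throw-away directory with a constructed public key
# (the base64 body is a placeholder, not a real key).
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEXAMPLEKEYDATA root@client\n' \
    > "$demo_dir/hostkey.pub"
install_key "$demo_dir/home" "$demo_dir/hostkey.pub" 192.168.71.178
cat "$demo_dir/home/.ssh/authorized_keys"
check_perms "$demo_dir/home"
rm -rf "$demo_dir"
```

On the Solaris server the call would be `install_key / /.ssh/hostkey.pub 192.168.71.178`, matching the /.ssh path used in step B. The `from=` pattern is checked by sshd against the connecting address, so the same key file copied to another machine is refused; the `no-*` options remove everything rsync does not need, which matters because the key belongs to root.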

C. Edit /etc/ssh/sshd_config with vi. The author's changes are marked below with comments ("enabled by the author", "disabled by the author", "added by the author") placed on their own lines, because sshd rejects a comment that trails a directive on the same line:

"/etc/ssh/sshd_config" 164 lines, 5276 characters
#
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident "@(#)sshd_config 1.8 04/05/10 SMI"
#
# Configuration file for sshd(1m)

# Protocol versions supported
#
# The sshd shipped in this release of Solaris has support for major versions
# 1 and 2.  It is recommended due to security weaknesses in the v1 protocol
# that sites run only v2 if possible. Support for v1 is provided to help sites
# with existing ssh v1 clients/servers to transition.
# Support for v1 may not be available in a future release of Solaris.
#
# To enable support for v1 an RSA1 key must be created with ssh-keygen(1).
# RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they
# do not already exist, RSA1 keys for protocol v1 are not automatically created.

# Uncomment ONLY one of the following Protocol statements.

# Only v2 (recommended)
# (disabled by the author)
#Protocol 2

# Both v1 and v2 (not recommended)
# (enabled by the author to increase compatibility)
Protocol 2,1

# Only v1 (not recommended)
#Protocol 1

# Listen port (the IANA registered port number for ssh is 22)
Port 22

# The default listen address is all interfaces, this may need to be changed
# if you wish to restrict the interfaces sshd listens on for a multi homed host.
# Multiple ListenAddress entries are allowed.

# IPv4 only
#ListenAddress 0.0.0.0
# IPv4 & IPv6
ListenAddress ::

# Port forwarding
AllowTcpForwarding no

# If port forwarding is enabled, specify if the server can bind to INADDR_ANY.
# This allows the local port forwarding to work when connections are received
# from any remote host.
GatewayPorts no

# X11 tunneling options
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

# The maximum number of concurrent unauthenticated connections to sshd.
# start:rate:full see sshd(1) for more information.
# The default is 10 unauthenticated clients.
#MaxStartups 10:30:60

# Banner to be printed before authentication starts.
#Banner /etc/issue

# Should sshd print the /etc/motd file and check for mail.
# On Solaris it is assumed that the login shell will do these (eg /etc/profile).
PrintMotd no

# KeepAlive specifies whether keep alive messages are sent to the client.
# See sshd(1) for detailed description of what this means.
# Note that the client may also be sending keep alive messages to the server.
KeepAlive yes

# Syslog facility and level
SyslogFacility auth
LogLevel info

#
# Authentication configuration
#

# Host private key files
# Must be on a local disk and readable only by the root user (root:sys 600).
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Default Encryption algorithms and Message Authentication codes
#Ciphers aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
#MACs hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96

# Length of the server key
# Default 768, Minimum 512
ServerKeyBits 768

# sshd regenerates the key every KeyRegenerationInterval seconds.
# The key is never stored anywhere except the memory of sshd.
# The default is 1 hour (3600 seconds).
KeyRegenerationInterval 3600

# Ensure secure permissions on users .ssh directory.
StrictModes yes

# Length of time in seconds before a client that hasn't completed
# authentication is disconnected.
# Default is 600 seconds. 0 means no time limit.
LoginGraceTime 600

# Maximum number of retries for authentication
# Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
MaxAuthTries 6
MaxAuthTriesLog 3

# Are logins to accounts with empty passwords allowed.
# If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK
# to pam_authenticate(3PAM).
PermitEmptyPasswords no

# To disable tunneled clear text passwords, change PasswordAuthentication to no.
PasswordAuthentication yes

# Use PAM via keyboard interactive method for authentication.
# Depending on the setup of pam.conf(4) this may allow tunneled clear text
# passwords even when PasswordAuthentication is set to no. This is dependent
# on what the individual modules request and is out of the control of sshd
# or the protocol.
PAMAuthenticationViaKBDInt yes

# Are root logins permitted using sshd.
# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
# maybe denied access by a PAM module regardless of this setting.
# Valid options are yes, without-password, no.
PermitRootLogin yes

# sftp subsystem
Subsystem sftp /usr/lib/ssh/sftp-server

# SSH protocol v1 specific options
#
# The following options only apply to the v1 protocol and provide
# some form of backwards compatibility with the very weak security
# of /usr/bin/rsh. Their use is not recommended and the functionality
# will be removed when support for v1 protocol is removed.

# Should sshd use .rhosts and .shosts for password less authentication.
IgnoreRhosts yes
# (enabled by the author)
RhostsAuthentication yes

# Rhosts RSA Authentication, modified here.
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.
# If the user on the client side is not root then this won't work on
# Solaris since /usr/bin/ssh is not installed setuid.
# (enabled by the author)
RhostsRSAAuthentication yes

# (added by the author; this line is the key point)
AuthorizedKeysFile .ssh/authorized_keys

# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
#IgnoreUserKnownHosts yes

# Is pure RSA authentication allowed.
# Default is yes
# (enabled by the author)
RSAAuthentication yes
ChRootGroups sftp,guest
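The configuration above gets key authentication working but leaves several directives in their permissive state (Protocol 2,1, PasswordAuthentication yes, PermitRootLogin yes, the two Rhosts options and X11Forwarding yes) on a host whose only ssh use is rsync from one client. The following audit is an added example, not part of the original post or of Solaris: it reads an sshd_config, compares the directives case-insensitively as sshd does, and reports each setting that can be tightened for this use. The two excerpts it runs over are constructed, one from the post's effective lines and one hardened variant; neither is the full Solaris file.

```shell
#!/bin/sh
# Added example, not part of the original post: a small audit of the settings
# that the post's sshd_config leaves open. For a host whose only ssh use is
# rsync from one client, each finding below is a setting that can be tightened.
# The two config excerpts are constructed from the post's effective lines and
# from a hardened variant; they are not the complete Solaris file.

# Print one "WEAK <Keyword> <value>: <reason>" line per weak directive and a
# final "TOTAL <n>" line. sshd keywords are case-insensitive, so the first
# field is lower-cased before comparison; comments and blank lines are skipped.
# $1 = path to an sshd_config file
audit_sshd_config() {
    awk '
    function weak(k, v, why) { n++; printf "WEAK %s %s: %s\n", k, v, why }
    /^[ \t]*(#|$)/ { next }
    {
        key = tolower($1); val = tolower($2)
        if (key == "protocol" && val ~ /(^|,)1(,|$)/)
            weak("Protocol", $2, "SSH-1 is enabled; use Protocol 2 only")
        else if (key == "passwordauthentication" && val == "yes")
            weak("PasswordAuthentication", $2, "the rsync key makes passwords unnecessary; set no")
        else if (key == "permitemptypasswords" && val == "yes")
            weak("PermitEmptyPasswords", $2, "set no")
        else if (key == "permitrootlogin" && val == "yes")
            weak("PermitRootLogin", $2, "use without-password (key only) or no")
        else if (key == "rhostsauthentication" && val == "yes")
            weak("RhostsAuthentication", $2, "trusts client-supplied identity; set no")
        else if (key == "rhostsrsaauthentication" && val == "yes")
            weak("RhostsRSAAuthentication", $2, "SSH-1 host-based trust; set no")
        else if (key == "x11forwarding" && val == "yes")
            weak("X11Forwarding", $2, "not needed for rsync; set no")
    }
    END { printf "TOTAL %d\n", n + 0 }
    ' "$1"
}

# Return only the finding count, for use in scripts.
count_weak() {
    audit_sshd_config "$1" | awk '/^TOTAL / { print $2 }'
}

# Constructed excerpt: the non-comment lines the post ends up with.
POST_EXCERPT='Protocol 2,1
Port 22
AllowTcpForwarding no
X11Forwarding yes
PermitEmptyPasswords no
PasswordAuthentication yes
PermitRootLogin yes
IgnoreRhosts yes
RhostsAuthentication yes
RhostsRSAAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys'

# Constructed hardened variant for the same rsync-only use.
HARDENED_EXCERPT='Protocol 2
Port 22
AllowTcpForwarding no
X11Forwarding no
PermitEmptyPasswords no
PasswordAuthentication no
PermitRootLogin without-password
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
AuthorizedKeysFile .ssh/authorized_keys'

demo_dir=$(mktemp -d)
printf '%s\n' "$POST_EXCERPT" > "$demo_dir/post.conf"
printf '%s\n' "$HARDENED_EXCERPT" > "$demo_dir/hardened.conf"
echo "== settings from the post =="
audit_sshd_config "$demo_dir/post.conf"
echo "== hardened variant =="
audit_sshd_config "$demo_dir/hardened.conf"
rm -rf "$demo_dir"
```

Run against the real file with `audit_sshd_config /etc/ssh/sshd_config`. PermitRootLogin without-password keeps the root key login the post relies on while refusing root passwords; since the rsync key is the only credential the client presents, PasswordAuthentication no costs nothing for this setup.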

Test:

On the client:

rsync -avz -e "ssh -i /root/.ssh/hostkey" /root/ 192.168.71.98:/src

building file list ... done
./
.Xresources
.bash_history
.bash_logout
.bash_profile
.bashrc
.cshrc
.tcshrc
anaconda-ks.cfg
format.dat
install.log
install.log.syslog
test
.gconfd/
.ssh/
.ssh/hostkey
.ssh/hostkey.pub
.ssh/known_hosts
MNT/
MNT/34344.c
MNT/ABC.c
MNT/dsdw.c
MNT/format.dat
MNT/password.pas
MNT/test/
MNT/test/123.c
MNT/test/ewrwe.c
MNT/test/sdfsdfsd.c
