https://blog.baicai.me/tags/sshd_config/Recent content in Sshd_config on 白菜Hugo -- gohugo.iozh-CNadmin@baicai.me (白菜)admin@baicai.me (白菜)baicai.meTue, 21 Apr 2026 19:43:57 +0800https://blog.baicai.me/article/2026/linux_sshd_config/Tue, 21 Apr 2026 19:43:57 +0800admin@baicai.me (白菜)https://blog.baicai.me/article/2026/linux_sshd_config/<p>环境： Debian 13 配置文件 <code>/etc/ssh/sshd_config</code></p> <h3 id="额外配置">额外配置</h3> <pre tabindex="0"><code class="language-conf" data-lang="conf">Include /etc/ssh/sshd_config.d/*.conf </code></pre><p>会加载该目录下的所有 .conf 文件，优先级可能覆盖主配置（后加载的生效）</p> <h3 id="修改配置项">修改配置项</h3> <pre tabindex="0"><code class="language-conf" data-lang="conf">#允许 root 登录，但禁止使用密码，只能用 SSH 密钥登录 PermitRootLogin prohibit-password #每个连接最多尝试 3 次认证 MaxAuthTries 3 #启用 SSH key 登录 PubkeyAuthentication yes #禁用密码登录 PasswordAuthentication no #禁止空密码 PermitEmptyPasswords no </code></pre><h3 id="加载配置">加载配置</h3> <p><strong>在让配置生效前，务必先开一个 SSH 窗口测试登录，确认能正常登录后，再关闭旧连接。</strong></p> <p>不会断开当前 SSH 连接</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>systemctl reload ssh </span></span></code></pre></div><p>或</p> <p>直接重启ssh服务(可能断连)</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>systemctl restart ssh </span></span></code></pre></div><p>在执行 <code>reload/restart</code> 前先检查：</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sshd -t </span></span></code></pre></div><p>如果配置正确，不会有任何输出。</p>