==============================================================================================================================================
SSH (secure shell) files and information
==============================================================================================================================================
# john meister 7 December 2014 © copyright 2014 http://JohnMeister.com and http://LinuxMeister
==============================================================================================================================================
=========================================================================================================
to set up passwordless connection from a client to a server:
=========================================================================================================
1) log in to the client system
2) cd (to make sure you're in the home directory)
3) mkdir .ssh (may already be there)
4) cd .ssh
5) ssh-keygen (NOTE: hit enter until done, do not enter anything)
6) cp id_rsa.pub id_rsa.CLIENT (where CLIENT is the hostname or some other identifier)
7) scp id_rsa.CLIENT user@server:/home/user/.ssh/
(uses ssh copy (secure copy) from current directory to account on server into .ssh directory)
-----------------------------------------------------------------------------------------------
------------- next step...logging in to the server via ssh from the client ------------------
-----------------------------------------------------------------------------------------------
8) ssh server (or user@server if different userid)
9) enter password (NOTE: when using ssh the connection is encrypted)
10) cd .ssh (you are now on the SERVER)
11) cat id_rsa.CLIENT >> authorized_keys
(be careful not to overwrite an existing authorized_keys file, you "append" >> )
12) exit
-----------------------------------------------------------------------------------------------
------------- you are back on the client system,
next, you will now log on to the server via ssh from the client WITHOUT a password ----
-----------------------------------------------------------------------------------------------
13) ssh server (or user@server) (You should be on the server without entering a password)
-----------------------------------------------------------------------------------------------
---------------- if you want to be able to go from server to a client, create the id_rsa.pub on
the server using ssh-keygen, then copy it to the client and append the authorized_keys)
|
============================================================================================
user files:
------------
/home/user/.ssh/
id_rsa.pub (created by ssh-keygen)
id_rsa.clientname (created by copying id_rsa.pub and then copied to server)
authorized_keys (created by appending keys to file, added to by user)
known_hosts (automatically generated)
------------
--> ll /home/john/.ssh
total 28
-rw-r--r-- 1 john users 789 Nov 27 23:39 authorized_keys
-rw------- 1 john users 1679 Nov 27 23:37 id_rsa
-rw-r--r-- 1 john users 398 Nov 27 23:37 id_rsa.jim.com
-rw-r--r-- 1 john users 398 Nov 27 23:37 id_rsa.pub ( see NOTE
-rw-r--r-- 1 john users 398 Oct 29 16:56 id_rsa.sliver
-rw-r--r-- 1 john users 2212 Nov 27 23:38 known_hosts
NOTE: After the user uses ssh-keygen the id_rsa.pub file is created,
it should be copied as id_rsa.HOSTNAME and used to establish secure links with other systems.
==============================================================================================================================================
note: Debian/Ubuntu/Mint does not have ssh installed by default: apt-get install ssh
for SuSE to install: zypper install ssh
for Centos, RH or fedora: yum install ssh
see also: http://johnmeister.com/linux/PDF-info/PackageManagementCheatSheet.pdf
==============================================================================================================================================
viewing scp activity on a system
--> netstat -an | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.11.34:44953 96.17.15.16:80 ESTABLISHED
tcp 0 2080892 192.168.11.34:22 192.168.11.19:59278 ESTABLISHED
--> ps -ef | grep scp | grep -v color
john 32214 32213 1 22:58 ? 00:00:21 scp -r -f /4TB/COMMON_FILES/
==============================================================================================================================================
server files to edit:
------------
/etc/ssh/
ssh_config
sshd_config
ssh_config provides site wide configurations
sshd_config provides the daemon process configuration for incoming client connections,
sshd listens for connections from clients. It is normally started at boot from /etc/rc. (or /etc/init.d/sshd )
------------
-> ll /etc/ssh
total 284
-rw------- 1 root root 242153 Nov 8 2013 moduli
-rw-r--r-- 1 root root 3056 Nov 8 2013 ssh_config # compare to the file below if ssh doesn't work
-rw-r----- 1 root root 4287 Nov 11 22:51 sshd_config # ClientAlive variable used here to keep connection alive
-rw------- 1 root root 668 Oct 28 23:56 ssh_host_dsa_key
-rw-r--r-- 1 root root 606 Oct 28 23:56 ssh_host_dsa_key.pub
-rw------- 1 root root 227 Oct 28 23:56 ssh_host_ecdsa_key
-rw-r--r-- 1 root root 178 Oct 28 23:56 ssh_host_ecdsa_key.pub
-rw------- 1 root root 981 Oct 28 23:56 ssh_host_key
-rw-r--r-- 1 root root 646 Oct 28 23:56 ssh_host_key.pub
-rw------- 1 root root 1679 Oct 28 23:56 ssh_host_rsa_key
-rw-r--r-- 1 root root 398 Oct 28 23:56 ssh_host_rsa_key.pub
==============================================================================================================================================
#################################################################################################
CLIENT SIDE (workstation) - below are the uncommented lines from a sample system, YMMV
==================
ssh_config-client.txt
==================
Host *
ForwardX11Trusted yes
Protocol 2
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL
==================
==================
sshd_config-client.txt
==================
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
UsePAM yes
X11Forwarding yes
UsePrivilegeSeparation sandbox # Default for new installations.
Subsystem sftp /usr/lib/ssh/sftp-server
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
==================
#######################################################
SERVER SIDE (e.g. mail server)
==================
ssh_config-server.txt
==================
Host *
ForwardX11Trusted yes
Protocol 2
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL
VisualHostKey no
HashKnownHosts yes
==================
==================
sshd_config-server.txt
==================
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
UsePAM yes
X11Forwarding yes
X11UseLocalhost no
UsePrivilegeSeparation sandbox # Default for new installations.
ClientAliveInterval 30 # this was added to prevent the connection from dropping
ClientAliveCountMax 5 # this was added to prevent the connection from dropping
Subsystem sftp /usr/lib/ssh/sftp-server
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
==================
#######################################################
# SCRIPT to extract uncommented lines from ssh config files
# NOTE: because sshd_config is not readable you'll need sudo to create the copy
#######################################################
#!/bin/bash
# extract uncommented lines to show ssh configuration
# exclude lines beginning with # and empty lines as noted by ^$
# john 5 December 2014
#
# TO CREATE THE FILES THE FOLLOWING IS ONE POSSIBLILITY:
#
# cp /etc/ssh_config ssh_config-client.txt
# scp user@SERVER:/etc/ssh/ssh_config ssh_config-server.txt
# sudo /etc/sshd_config sshd_config-server.txt ; sudo chmod 644 sshd_config-server.txt
# scp root@SERVER:/etc/ssh/sshd_config sshd_config-server.txt # most systems don't allow root access - time for "plan B"
#
FILES="ssh_config-client.txt sshd_config-client.txt ssh_config-server.txt sshd_config-server.txt"
#
for x in $FILES
do
echo "==================" | tee -a ssh-config.txt
echo $x | tee -a ssh-config.txt
echo "==================" | tee -a ssh-config.txt
cat $x | grep -v ^# | grep -v ^$ | tee -a ssh-config.txt
echo "==================" | tee -a ssh-config.txt
done
echo "finished"
#######################################################
==============================================================================================================================================
Reverse SSH Tunnel
==============================================================================================================================================
#######################################################
ssh_config (client) - COMPLETE FILE
# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
# ForwardAgent no
# ForwardX11 no
# If you do not trust your remote host (or its administrator), you
# should not forward X11 connections to your local X11-display for
# security reasons: Someone stealing the authentification data on the
# remote side (the "spoofed" X-server by the remote sshd) can read your
# keystrokes as you type, just like any other X11 client could do.
# Set this to "no" here for global effect or in your own ~/.ssh/config
# file if you want to have the remote X11 authentification data to
# expire after two minutes after remote login.
ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
Protocol 2
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
# GSSAPIEnableMITMAttack no
# This enables sending locale enviroment variables LC_* LANG, see ssh_config(5).
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL
# RekeyLimit 1G 1h
#######################################################
sshd_config (client) - COMPLETE FILE
# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Ciphers and keying
#RekeyLimit default none
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
#GSSAPIEnableMITMAttack no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
#######################################################
#######################################################
#######################################################
ssh_config (server) - COMPLETE FILE
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
# ForwardAgent no
# ForwardX11 no
# If you do not trust your remote host (or its administrator), you
# should not forward X11 connections to your local X11-display for
# security reasons: Someone stealing the authentification data on the
# remote side (the "spoofed" X-server by the remote sshd) can read your
# keystrokes as you type, just like any other X11 client could do.
# Set this to "no" here for global effect or in your own ~/.ssh/config
# file if you want to have the remote X11 authentification data to
# expire after two minutes after remote login.
ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
Protocol 2
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
# GSSAPIEnableMITMAttack no
# This enables sending locale enviroment variables LC_* LANG, see ssh_config(5).
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL
# This will print the fingerprint of the host key in "visual" form
# this should make it easier to also recognize bad things
VisualHostKey no
# This will hash new host keys and make them so unusable for malicious
# people or software trying to use known_hosts to find further hops.
HashKnownHosts yes
# ProxyCommand ssh -q -W %h:%p gateway.example.com
#######################################################
sshd_config (server) - COMPLETE FILE
# $OpenBSD: sshd_config,v 1.89 2013/02/06 00:20:42 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# note: added 11/11/2014
# /etc/ssh/sshd_config
# ClientAliveInterval 30
# ClientAliveCountMax 5
#
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
#GSSAPIEnableMITMAttack no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
X11UseLocalhost no
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
# uncommented and tweaked 11/11/2014
ClientAliveInterval 30
ClientAliveCountMax 5
#UseDNS yes
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
#######################################################
-- Linux commands, scripts, tools and systems administration --
|
