FreeBSD SSH Configuration Explained
<p>How to fix FreeBSD when SSH login works for a user with sshd access but not for root</p><p>Add the following to the end of /etc/ssh/sshd_config:</p>
<p># Allow root login<br />
PermitRootLogin yes<br />
# Do not allow login with an empty password<br />
PermitEmptyPasswords no<br />
# Whether to use password authentication<br />
PasswordAuthentication yes<br />
That is all.</p>
<p>FreeBSD SSH configuration in detail</p>
<p>First, edit /etc/inetd.conf with vi, remove the # in front of the ssh line, then save and exit (this enables the ssh listener).<br />
Edit /etc/rc.conf<br />
and add at the end: sshd_enable="yes"<br />
Start the sshd service:<br />
techo# /etc/rc.d/sshd start<br />
Use the command below to check that the service has started; port 22 should be listening.<br />
# netstat -an ## check port number 22<br />
Finally,<br />
vi /etc/ssh/sshd_config<br />
Below is my configuration file (/etc/ssh/sshd_config):<br />
####################################################<br />
<br />
# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $<br />
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.42.2.1 2005/09/11 16:50:35 des Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
# Note that some of FreeBSD's defaults differ from OpenBSD's, and<br />
# FreeBSD has a few additional options.<br />
<br />
#VersionAddendum FreeBSD-20050903<br />
<br />
#Port 22<br />
#Protocol 2<br />
#AddressFamily any<br />
#ListenAddress 10.1.10.196<br />
#ListenAddress ::<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh_host_key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh_host_dsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 768<br />
<br />
# Logging<br />
# obsoletes QuietMode and FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin no<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# Change to yes to enable built-in password authentication.<br />
PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable PAM authentication<br />
#ChallengeResponseAuthentication yes<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'no' to disable PAM authentication, account processing,<br />
# and session processing. If this is enabled, PAM authentication will<br />
# be allowed through the ChallengeResponseAuthentication mechanism.<br />
# Depending on your PAM configuration, this may bypass the setting of<br />
# PasswordAuthentication, PermitEmptyPasswords, and<br />
# "PermitRootLogin without-password". If you just want the PAM account and<br />
# session checks to run without PAM authentication, then enable this but set<br />
# ChallengeResponseAuthentication=no<br />
#UsePAM yes<br />
<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding yes<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression delayed<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS no<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
<br />
# no default banner path<br />
#Banner /some/path<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/libexec/sftp-server<br />
<br />
IgnoreRhosts yes<br />
IgnoreUserKnownHosts yes<br />
PrintMotd yes<br />
StrictModes no<br />
RSAAuthentication yes<br />
# Allow root login<br />
PermitRootLogin yes<br />
# Do not allow login with an empty password<br />
PermitEmptyPasswords no<br />
# Whether to use password authentication<br />
PasswordAuthentication yes<br />
<br />
##############################################<br />
<br />
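After editing the configuration file, remember to restart the sshd server (/etc/rc.d/sshd restart).<br />
Some additional notes:<br />
1. If it still does not work after the restart, reload the sshd_config file:<br />
/etc/rc.d/sshd reload<br />
2. If you see<br />
using keyboard-interactive authentication<br />
password:<br />
check that PasswordAuthentication has been changed to yes.<br />
Also, if the client is PuTTY, check that the 'Attempt "keyboard-interactive" auth (SSH-2)' box has been unticked.<br />
3. If you are logging in with the root account,<br />
check whether the password is empty;<br />
an account with an empty password cannot log in.<br />
4. Check that SSH is installed:<br />
sysinstall>>>configure>>>networking>>>sshd: check that the box is ticked.</p>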
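<p>Added example (not part of the original page): sshd uses the first value it obtains for each keyword, so lines appended to the end of sshd_config as described above are ignored when the same keyword is already set, uncommented, earlier in the file. The script below reports the value in effect and any ignored repeats; the function names and the sample file are constructed for illustration, and Match blocks are not evaluated.</p>

```shell
#!/bin/sh
# Added example, not from the original page. sshd keeps the FIRST value per keyword.

# Print "lineno keyword value" for every active global directive.
parse_sshd_config() {
    awk '
        /^[ \t]*#/ { next }               # comment line
        /^[ \t]*$/ { next }               # blank line
        {
            sub(/[ \t]*#.*$/, "")         # tolerate a trailing comment
            kw = tolower($1)              # keywords are case-insensitive
            if (kw == "match") exit       # Match blocks are conditional: stop
            $1 = ""; sub(/^[ \t]+/, "")
            print NR, kw, $0
        }' "$1"
}

# Print the value sshd would use for KEYWORD (empty if not set in FILE).
effective_value() {
    parse_sshd_config "$1" |
        awk -v k="$(printf %s "$2" | tr 'A-Z' 'a-z')" \
            '$2 == k { $1 = ""; $2 = ""; sub(/^ +/, ""); print; exit }'
}

# Report later occurrences that sshd ignores; repeatable keywords (partial list) are skipped.
shadowed_directives() {
    parse_sshd_config "$1" | awk '
        BEGIN { n = split("port listenaddress hostkey subsystem acceptenv", r, " ")
                for (i = 1; i <= n; i++) multi[r[i]] = 1 }
        ($2 in multi) { next }
        ($2 in first) { printf "line %d: %s ignored (set on line %d)\n", $1, $2, first[$2]; next }
        { first[$2] = $1 }'
}

# Constructed sample: an active "PermitRootLogin no" followed by the block
# the page appends at the end of the file.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
PermitRootLogin no
PasswordAuthentication yes
Subsystem sftp /usr/libexec/sftp-server
StrictModes no
PermitRootLogin yes
PermitEmptyPasswords no
PasswordAuthentication yes
EOF
echo "PermitRootLogin in effect: $(effective_value "$SAMPLE" PermitRootLogin)"
shadowed_directives "$SAMPLE"
```

<p>On a live host, point the functions at /etc/ssh/sshd_config, and run sshd -t to syntax-check the file before restarting the service.</p>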