FreeBSD系统SSH配置详解
FreeBSD系统SSH配置详解
发布时间:2016-12-27 来源:查字典编辑
摘要:修改freebsd可以用sshd权限用户登录ssh但不能用root用户登录的方法在/etc/ssh/sshd_config最后中加入Perm...

修改freebsd可以用sshd权限用户登录ssh 但不能用root用户登录的方法

在/etc/ssh/sshd_config最后中加入

PermitRootLogin yes #允许root登录

PermitEmptyPasswords no #不允许空密码登录

PasswordAuthentication yes # 设置是否使用口令验证。

就可以了

FreeBSD SSH配置详解

首先vi编辑/etc/inetd.conf,去掉ssh前的#,保存退出 (开启****ssh服务)

编辑/etc/rc.conf

最后加入:sshd_enable="yes"即可

激活sshd服务:

techo#/etc/rc.d/sshd start

用下面命令检查服务是否启动,在22端口应该有****。

#netstat -an ## check port number 22

最后

vi /etc/ssh/sshd_config,

下面是我的配置文件:(/etc/ssh/sshd_config)

####################################################

# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $

# $FreeBSD: src/crypto/openssh/sshd_config,v 1.42.2.1 2005/09/11 16:50:35 des Exp $

# This is the sshd server system-wide configuration file. See

# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with

# OpenSSH is to specify options with their default value where

# possible, but leave them commented. Uncommented options change a

# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and

# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20050903

#Port 22

#Protocol 2

#AddressFamily any

#ListenAddress 10.1.10.196

#ListenAddress ::

# HostKey for protocol version 1

#HostKey /etc/ssh/ssh_host_key

# HostKeys for protocol version 2

#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key

#KeyRegenerationInterval 1h

#ServerKeyBits 768

# Logging

# obsoletes QuietMode and FascistLogging

#SyslogFacility AUTH

#LogLevel INFO

# Authentication:

#LoginGraceTime 2m

#PermitRootLogin no

#StrictModes yes

#MaxAuthTries 6

#RSAAuthentication yes

#PubkeyAuthentication yes

#AuthorizedKey .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

#RhostsRSAAuthentication no

# similar for protocol version 2

#HostbasedAuthentication no

# Change to yes if you don't trust ~/.ssh/known_hosts for

# RhostsRSAAuthentication and HostbasedAuthentication

#IgnoreUserKnownHosts no

# Don't read the user's ~/.rhosts and ~/.shosts files

#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.

PasswordAuthentication yes

#PermitEmptyPasswords no

# Change to no to disable PAM authentication

#ChallengeResponseAuthentication yes

# Kerberos options

#KerberosAuthentication no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes

#KerberosGetAFSToken no

# GSSAPI options

#GSSAPIAuthentication no

#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,

# and session processing. If this is enabled, PAM authentication will

# be allowed through the ChallengeResponseAuthentication mechanism.

# Depending on your PAM configuration, this may bypass the setting of

# PasswordAuthentication, PermitEmptyPasswords, and

# "PermitRootLogin without-password". If you just want the PAM account and

# session checks to run without PAM authentication, then enable this but set

# ChallengeResponseAuthentication=no

#UsePAM yes

#AllowTcpForwarding yes

#GatewayPorts no

#X11Forwarding yes

#X11DisplayOffset 10

#X11UseLocalhost yes

#PrintMotd yes

#PrintLastLog yes

#TCPKeepAlive yes

#UseLogin no

#UsePrivilegeSeparation yes

#PermitUserEnvironment no

#Compression delayed

#ClientAliveInterval 0

#ClientAliveCountMax 3

#UseDNS no

#PidFile /var/run/sshd.pid

#MaxStartups 10

# no default banner path

#Banner /some/path

# override default of no subsystems

Subsystem sftp /usr/libexec/sftp-server

IgnoreRhosts yes

IgnoreUserKnownHosts yes

PrintMotd yes

StrictModes no

RSAAuthentication yes

PermitRootLogin yes #允许root登录

PermitEmptyPasswords no #不允许空密码登录

PasswordAuthentication yes # 设置是否使用口令验证。

##############################################

记得修改完配置文件后,重新启动sshd服务器(/etc/rc.d/sshd restart)即可。

几点补充说明

1,如果重启后还是不行请重新载入sshd_config 文件

/etc/rc.d/sshd reload

2,如果出现using keyboard-interactive authentication

password:

请确认PasswordAuthentication是否已经改成yes

另外如果客户端是putty那么请确认"尝试'智能键盘'认证(SSH-2)"的勾是否有去掉

3,如果是使用root帐号登陆

请确认密码是否为空

空密码无法登陆

4请确认是否有安装SSH

sysinstall>>>configure>>>networking>>>sshd是否的勾是否有打上

推荐文章
猜你喜欢
附近的人在看
推荐阅读
拓展阅读
相关阅读
网友关注
最新Unix/BSD学习
热门Unix/BSD学习
操作系统子分类