openssh改密码认证后

prenewbie

v版pre 1.45，装了openssh，以前老版本的openssh好像是默认密码登录的，现在要密匙，感觉没必要，又改回密码认证了

配置文件sshd_config改了一下就可以了，但是遇到一个奇怪的问题，每次第一次连接，如果wifi没先激活就用winscp之类的ssh客户端连接，就会出现”不支持的验证方式“的错误，重启关机pre也没用，只有把resolv.conf的nameserver更新了才行，附上我的配置文件，不知道跟设置有关系吗
% k6 p3 A1 t7 ~
#        $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
) X/ k) h8 F9 x$ `  d  |
" F5 M" d% ]2 J# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
: q2 M/ _2 E8 T; D' @
# This sshd was compiled with PATH=/opt/sbin:/opt/bin:/usr/sbin:/usr/bin:/sbin:/bin
. [- d+ D0 Y2 c/ ^6 D7 l0 h
% g& V4 P" Q, w- b# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
) P% }9 y1 t! b+ ]# N5 r% k# default value.
2 U" |) t' r* t
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
6 e) D; m6 v4 I# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

5 P6 c4 A- [, a' V% ~# a* j# HostKey for protocol version 1
% ~/ X. ^4 A4 S$ m" `- m/ r#HostKey /opt/etc/openssh/ssh_host_key
& H  K6 g+ E# f' F, i  @7 B" r# HostKeys for protocol version 2
, Y; V; D6 C, n& _#HostKey /opt/etc/openssh/ssh_host_rsa_key
/ B4 U6 }' P" B" O" }#HostKey /opt/etc/openssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
( s7 H) ~8 o  `0 M#KeyRegenerationInterval 1h
#ServerKeyBits 1024
/ r7 [% c. N9 S# n2 `
# Logging
( P4 U& s0 ^, H8 X- G# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

5 k0 {( E/ Z! t, T( i#LoginGraceTime 2m
: e' @* x$ J' A) zPermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
- i2 w: R& W& |) A6 L- T#MaxSessions 10
6 u( n/ w1 n( A; H: g
6 U" H) \. ?# J, L' Q0 LRSAAuthentication no
PubkeyAuthentication no
( N4 Z8 m- f8 t2 J) l#AuthorizedKeysFile        .ssh/authorized_keys

' R% K/ v: Q% a. z5 @2 Z# For this to work you will also need host keys in /opt/etc/openssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
" w: e0 H7 W$ A1 Z3 {* A# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
  S/ @6 W, C8 m, K  j" F/ ^, s: |# Don't read the user's ~/.rhosts and ~/.shosts files
) d# D% s! t! A& j; [+ `% A#IgnoreRhosts yes
0 [& T0 o, M+ G0 h/ E% K
# H: z/ |+ O# ]! B1 I9 h# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
5 T9 l$ p1 [  l) k! M5 JPermitEmptyPasswords yes

# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes
" `+ b0 \7 |( Y& A2 h, c( R
# Kerberos options
' t# y3 h) g" I2 sKerberosAuthentication yes
9 x, P" r/ A# i9 M7 d#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
+ L& I# g) u, m3 {. f9 o. {#KerberosGetAFSToken no
; r# X. X4 L, @! _, X) f
# GSSAPI options
: F& d$ c/ n' @) s0 S9 _7 Q#GSSAPIAuthentication no
2 o2 O2 s6 \" B( G* U6 z) t! i6 Q#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
0 a) H, q% w) u1 a) d# and session processing. If this is enabled, PAM authentication will
, j* F  b& t6 {2 E3 `& l% I0 b# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
9 S0 ?. ?0 x0 d) l! L; B# the setting of "PermitRootLogin without-password".
/ @9 b7 b* j$ Z# If you just want the PAM account and session checks to run without
# i. ^# N6 D/ }. z0 g# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
  e3 L0 R  W6 b: y$ h' g
  a; L9 K7 C2 {. m4 A" j#AllowAgentForwarding yes
#AllowTcpForwarding yes
) H) i: R! T9 `2 R2 _#GatewayPorts no
( [0 X% V7 p+ a/ q#X11Forwarding no
7 l) Q% t- ~; {6 W#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
0 P* c7 z. `7 u( F, J, y' a4 a6 q#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
  z+ z# J: W: E+ I( a/ N#UsePrivilegeSeparation yes
#PermitUserEnvironment no
* [# w( b( [" E: h, p, A#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /opt/var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none
( q3 d, Z2 D! ~# r2 j; |
; F8 x; M# d. I4 M) m' k# override default of no subsystems
Subsystem        sftp        /opt/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#        X11Forwarding no
#        AllowTcpForwarding no
8 m1 F) S8 L! q( p/ o- G#        ForceCommand cvs server

prenewbie

感觉这个openssh不太稳定，有时候会验证失败，然后造成vpn都工作不正常了

cantondiablo

俺的oppensh就从来没有连接上成功过，郁闷

freezex

这是我每次刷机后装ssh所用的配置文件,用wqi发到手机上,即可用密码登录.供参考

/opt/etc/openssh/sshd_config

1. Port 22
   
2. Protocol 2
   - I  {; @7 H: `2 D3 _$ }' e
3. PermitRootLogin yes
   
4. PasswordAuthentication yes
   
5. PermitEmptyPasswords no
   ; q& ~7 V# S( t( c7 E* X% K
6. Subsystem        sftp        /opt/libexec/sftp-server

复制代码

/etc/event.d/mobi.optware.openssh

1. description "OpenSSH Daemon"
   2 @+ p8 h% K7 m0 y6 Q' y
2. 
   & H6 R. a: C2 @" o* u! u1 r% o' e
3. start on stopped finish
   
4. stop on runlevel [!2]
   
5. 
   5 u5 A0 o5 l+ y/ E
6. console none
   
7. 
   4 w8 y7 j* ]4 G
8. # Make sure SSH sessions don't slow down GUI use
   , N$ `/ z9 x, N5 U( M
9. nice 5
   
10. 
    
11. # Restart the SSH daemon if it exits/dies
    3 R# ?, S9 K' b7 g1 R. M  Y
12. respawn
    $ A% S# b( V, f3 N' _4 K4 B5 J
13. 
    3 Q1 p$ Y+ d. Z. a9 v
14. # -D doesn't detach and become daemon
    & s" t4 T, N6 |& [3 H
15. # -p sets the TCP port
    
16. # -o "PasswordAuthentication no" prohibits login using password
    
17. # but allows login using ssh key based authentication (same behavior as -s in dropbear)
    4 `5 d; N4 F& y+ f0 A/ h3 L0 W
18. # -o "PermitRootLogin without-password" prohibits root login using password
    
19. # but allows root login using ssh key based authentication (same behavior as -g in dropbear)
    
20. exec /opt/sbin/sshd -D
    
21. 
    
22. pre-start script
    
23.      # Add firewall rule to allow SSH access over WiFi on port 22
    0 h, O8 Y& z5 E& U- o' q" W' i
24.      # Remove the "-i eth0" on both of the following lines to enable SSH access
    
25.      # over the cellular data network (EVDO, etc).
    , r' T; Q9 _8 k$ i5 H
26.      /usr/sbin/iptables -D INPUT -i eth0 -p tcp --dport 22 -j ACCEPT || /bin/true
    
27.      /usr/sbin/iptables -I INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
    6 Z: ]+ _" H/ G7 p& i6 j' _
28. end script
    7 e8 v2 T5 y: N' {  l
29. 
    
30. # end of file
    

复制代码

[ Edited by freezex on 2010-10-8 10:09 ]

szlittle

俺的oppensh就从来没有连接上成功过，郁闷2