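I have a Verizon Pre on 1.45 with openssh installed. Older versions of openssh seemed to default to password login, but now it requires a key; that felt unnecessary, so I switched it back to password authentication.

Changing the config file sshd_config was all it took, but I ran into a strange problem: on every first connection, if Wi-Fi has not been activated first and I connect with an SSH client such as WinSCP, I get an "unsupported authentication method" error. Rebooting or powering off the Pre doesn't help; it only works once the nameserver in resolv.conf has been updated. My config file is attached; I don't know whether this has anything to do with the settings.
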
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/opt/sbin:/opt/bin:/usr/sbin:/usr/bin:/sbin:/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /opt/etc/openssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /opt/etc/openssh/ssh_host_rsa_key
#HostKey /opt/etc/openssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication no
PubkeyAuthentication no
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /opt/etc/openssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords yes

# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes

# Kerberos options
KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /opt/var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /opt/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
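
An added example, not part of the original post: a small audit of the directives that are active in the posted sshd_config, flagging the settings that widen who can log in and the two that rely on network services (client host-name lookup and Kerberos). The names `DEFAULTS`, `CHECKS`, `effective` and `audit` are made up for this sketch, the built-in defaults listed are those of the OpenSSH generation this file comes from (newer releases differ), and `Match` blocks and `key=value` syntax are not handled.

```python
# Added example: audit the active directives of an sshd_config.
# DEFAULTS: built-in values for this OpenSSH generation (assumption for newer releases).
DEFAULTS = {"usedns": "yes", "permitemptypasswords": "no", "permitrootlogin": "yes",
            "passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "kerberosauthentication": "no"}

CHECKS = [  # (keyword, flagged value, why it matters)
    ("permitemptypasswords", "yes", "accounts with an empty password can log in"),
    ("permitrootlogin", "yes", "root may log in directly, by any enabled method"),
    ("pubkeyauthentication", "no", "key-based login is switched off"),
    ("usedns", "yes", "sshd looks up the client's host name; needs a working resolver"),
    ("kerberosauthentication", "yes", "passwords are validated through a Kerberos KDC"),
]

# Active directives copied from the post, plus its commented UseDNS default.
POSTED = """\
Protocol 2
PermitRootLogin yes
RSAAuthentication no
PubkeyAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords yes
ChallengeResponseAuthentication yes
KerberosAuthentication yes
UsePAM yes
#UseDNS yes
Subsystem sftp /opt/libexec/sftp-server
"""

def effective(text):
    """Return {keyword: value}; sshd keeps the first value given for a keyword."""
    conf, seen = dict(DEFAULTS), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # comment or blank line
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                 # keywords are case-insensitive
        if key == "match":                     # conditional blocks: out of scope
            break
        if key not in seen and len(parts) == 2:
            seen.add(key)
            conf[key] = parts[1].strip().lower()
    return conf

def audit(text):
    """List (keyword, reason) for every check whose flagged value is in effect."""
    conf = effective(text)
    return [(key, why) for key, bad, why in CHECKS if conf.get(key) == bad]

if __name__ == "__main__":
    for key, why in audit(POSTED):
        print(f"{key}: {why}")
```

On a live system, `sshd -T` prints the effective configuration directly and can replace the hand-written defaults table.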