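Verizon Pre on 1.45, with openssh installed. Older versions of openssh seemed to default to password login; now it requires a key, which I felt was unnecessary, so I changed it back to password authentication.

A small change to the sshd_config configuration file was all it took, but I ran into a strange problem: on the first connection each time, if Wi-Fi has not been activated first and I connect with an SSH client such as WinSCP, I get an "unsupported authentication method" error. Rebooting or powering the Pre off and on doesn't help; it only works once the nameserver in resolv.conf has been updated. My configuration file is attached. I don't know whether this is related to the settings.
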
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/opt/sbin:/opt/bin:/usr/sbin:/usr/bin:/sbin:/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /opt/etc/openssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /opt/etc/openssh/ssh_host_rsa_key
#HostKey /opt/etc/openssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
RSAAuthentication no
PubkeyAuthentication no
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /opt/etc/openssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords yes

# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes

# Kerberos options
KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /opt/var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /opt/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
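
An added example, not part of the original post: a small audit of the authentication directives in the configuration posted above, which reports the combinations that leave password login wide open. The function names, finding ids and the `DEFAULTS` table (stock OpenSSH defaults for keywords left commented out) are assumptions of this example.

```python
# POSTED holds the uncommented directives copied from the post above.
POSTED = """\
Protocol 2
PermitRootLogin yes
RSAAuthentication no
PubkeyAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords yes
ChallengeResponseAuthentication yes
KerberosAuthentication yes
UsePAM yes
Subsystem sftp /opt/libexec/sftp-server
"""

# Assumed values for keywords that are absent or commented out
# (the stock defaults of this OpenSSH generation).
DEFAULTS = {"permitrootlogin": "yes", "pubkeyauthentication": "yes",
            "passwordauthentication": "yes", "permitemptypasswords": "no",
            "challengeresponseauthentication": "yes", "usepam": "no"}

def effective(text):
    """Global settings only; sshd keeps the FIRST value seen per keyword."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":      # per-user blocks are out of scope
            break
        cfg.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return cfg

def audit(cfg):
    """Return finding ids for risky authentication combinations."""
    def on(key, want="yes"):
        return cfg.get(key, DEFAULTS[key]).lower() == want
    password = on("passwordauthentication")
    keyboard = on("challengeresponseauthentication")
    findings = []
    if password and on("permitemptypasswords"):
        findings.append("empty-password")   # blank-password accounts can log in
    if (password or keyboard) and on("permitrootlogin"):
        findings.append("root-password")    # root is reachable with a password
    if on("pubkeyauthentication", "no"):
        findings.append("pubkey-off")       # passwords are the only credential
    if on("permitrootlogin", "without-password") and on("usepam") and keyboard:
        findings.append("pam-cr-bypass")    # caveat from the file's own PAM comment
    return findings

if __name__ == "__main__":
    print(audit(effective(POSTED)))
```

Because the first value wins, placing corrected directives above the existing ones is enough to re-run the audit against a candidate fix.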