openssh改密码认证后

prenewbie

v版pre 1.45，装了openssh，以前老版本的openssh好像是默认密码登录的，现在要密匙，感觉没必要，又改回密码认证了

配置文件sshd_config改了一下就可以了，但是遇到一个奇怪的问题，每次第一次连接，如果wifi没先激活就用winscp之类的ssh客户端连接，就会出现”不支持的验证方式“的错误，重启关机pre也没用，只有把resolv.conf的nameserver更新了才行，附上我的配置文件，不知道跟设置有关系吗
: _# U0 t' M8 f( Z) _$ M
#        $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
) ]$ {; W7 t2 V3 n* [/ ~  `& ?" e
# This is the sshd server system-wide configuration file.  See
; l+ `4 e. p1 v, F# sshd_config(5) for more information.

# This sshd was compiled with PATH=/opt/sbin:/opt/bin:/usr/sbin:/usr/bin:/sbin:/bin
  O: i, I, \6 f+ ^$ P$ I
# The strategy used for options in the default sshd_config shipped with
; W3 c, Y6 l0 O5 u# OpenSSH is to specify options with their default value where
7 A5 u- y3 M( g* l' L# possible, but leave them commented.  Uncommented options change a
0 U  p* Y% v1 ]+ l# ]# default value.
4 Y/ r' d) B6 h) g2 ]
' }8 K: x( B4 w- Z- c' f#Port 22
( g0 p! j! Q, _; v" D% ~* Q/ \" a#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
5 A4 z) Y" \/ }8 D- d& k. k
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

* ~% F; L+ J; i" b2 P# HostKey for protocol version 1
#HostKey /opt/etc/openssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /opt/etc/openssh/ssh_host_rsa_key
; V" o: P/ ]% `8 W" Y#HostKey /opt/etc/openssh/ssh_host_dsa_key
4 v6 \) x4 D+ g; {
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
8 i5 S' y# V, L: w#ServerKeyBits 1024
; x6 z+ Z0 t' |- w* f( E
6 z: ]' x4 {7 a& J+ o" M# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
! x& e. v) Z2 S' b( n- Q+ B#LogLevel INFO
/ O1 M/ q; @# \9 d1 G& x
" C, j1 {1 k/ Z9 p( [8 Y" P: L# Authentication:
0 s+ q: T4 K' b. M
" F6 q6 T7 K% ~: J& R#LoginGraceTime 2m
) \1 @- R8 n  ^8 q# ?& ePermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
6 U  J' K# B0 G/ H#MaxSessions 10
5 {1 W% Y9 ]5 c3 \% ?2 Z' J/ n+ J
, U1 B0 X4 V! u7 p, P0 {1 f9 BRSAAuthentication no
PubkeyAuthentication no
#AuthorizedKeysFile        .ssh/authorized_keys
+ T! E! o+ k) ~2 I
2 K, _2 s: l6 M" F3 A& }# For this to work you will also need host keys in /opt/etc/openssh/ssh_known_hosts
#RhostsRSAAuthentication no
( q8 U+ J* h3 g/ b# similar for protocol version 2
8 d* V- o% I* @; c: x#HostbasedAuthentication no
4 t+ K/ E. s: y; Q( C# Change to yes if you don't trust ~/.ssh/known_hosts for
8 j" t9 P$ R' V! y: [7 a6 ?* y. i# RhostsRSAAuthentication and HostbasedAuthentication
$ B  P$ h7 u; T# G' j/ Q#IgnoreUserKnownHosts no
9 O& l8 d+ p5 N/ P% }3 b" q; M3 p# Don't read the user's ~/.rhosts and ~/.shosts files
1 C5 [8 T: x% f1 P#IgnoreRhosts yes
1 U  m' b  `( u! b- y# }
) S: }: c5 Q  [  M/ y3 M' S# x2 {; Q# To disable tunneled clear text passwords, change to no here!
! Y# d7 T9 x  v5 l/ m8 n, MPasswordAuthentication yes
PermitEmptyPasswords yes
! j) b; w9 H* s& e& t0 y
# Change to no to disable s/key passwords
/ Z, t! E5 N+ P- m. Q/ CChallengeResponseAuthentication yes

# Kerberos options
KerberosAuthentication yes
  c9 B9 w6 b9 z, m! N) [# a% H" k#KerberosOrLocalPasswd yes
; B; F# J9 `6 t3 F#KerberosTicketCleanup yes
% q3 v( Y: _. D5 \  h#KerberosGetAFSToken no

# GSSAPI options
* e. I2 A9 a: [/ o#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
6 X8 G2 t! Q+ V; s
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
5 N6 B* V$ A+ l  a5 L# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
' A0 r. i$ s" E. f7 L1 \# the setting of "PermitRootLogin without-password".
' v5 x5 Y! E$ y; `! m( D. T# If you just want the PAM account and session checks to run without
# e' y/ q7 Q9 x7 I# J! I# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
1 N2 s  t1 L6 S4 Y( U
#AllowAgentForwarding yes
$ Z( K) R/ ~" m. C#AllowTcpForwarding yes
. z0 k# B$ q% `#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
0 Q8 D/ O$ l2 c% H5 [6 V  l#X11UseLocalhost yes
#PrintMotd yes
$ |" w9 |" y) N+ K#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
6 ~1 T' W# S4 f. h7 k, D6 A4 x5 z#UsePrivilegeSeparation yes
( t/ T) R7 Q% l1 k+ h  a8 F#PermitUserEnvironment no
. K, l* B9 I8 Y  r6 u#Compression delayed
3 b; L' Z' V0 v4 N& A#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /opt/var/run/sshd.pid
#MaxStartups 10
; i" g# O4 J2 g8 F* ^: l#PermitTunnel no
+ P1 C% {0 R: V+ I; T! p( s* Y8 B#ChrootDirectory none

# no default banner path
#Banner none
6 b' I& V0 m$ }
$ e2 Q- ~5 S/ }9 H2 a# override default of no subsystems
" x, B1 H+ T& J+ z4 s3 ]+ CSubsystem        sftp        /opt/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#        X11Forwarding no
# T/ k/ i! P) y  b3 K# V#        AllowTcpForwarding no
, s% n) j+ L" j7 Q0 I#        ForceCommand cvs server

prenewbie

感觉这个openssh不太稳定，有时候会验证失败，然后造成vpn都工作不正常了

cantondiablo

俺的oppensh就从来没有连接上成功过，郁闷

freezex

这是我每次刷机后装ssh所用的配置文件,用wqi发到手机上,即可用密码登录.供参考

/opt/etc/openssh/sshd_config

1. Port 22
   , y+ @8 k" g" `1 ~. z3 D% q9 C
2. Protocol 2
   
3. PermitRootLogin yes
   
4. PasswordAuthentication yes
   3 J2 T$ N+ Y. @* _4 T  `4 V1 j
5. PermitEmptyPasswords no
   7 E8 m. q1 F0 `% \3 b
6. Subsystem        sftp        /opt/libexec/sftp-server

复制代码

/etc/event.d/mobi.optware.openssh

1. description "OpenSSH Daemon"
   
2. 
   
3. start on stopped finish
   
4. stop on runlevel [!2]
   
5. 
   
6. console none
   
7. 
   
8. # Make sure SSH sessions don't slow down GUI use
   
9. nice 5
   
10. 
    % P" g' X1 W# X8 [) N6 f' i6 Z8 w
11. # Restart the SSH daemon if it exits/dies
    
12. respawn
    
13. 
    , t! b0 v& w" [; e
14. # -D doesn't detach and become daemon
    
15. # -p sets the TCP port
    4 {) P3 |3 q/ L  P4 l+ E
16. # -o "PasswordAuthentication no" prohibits login using password
    
17. # but allows login using ssh key based authentication (same behavior as -s in dropbear)
    
18. # -o "PermitRootLogin without-password" prohibits root login using password
    ' v5 m4 r* y1 e! X
19. # but allows root login using ssh key based authentication (same behavior as -g in dropbear)
    ( }& l8 j( w! t; B( e1 |9 ]
20. exec /opt/sbin/sshd -D
    
21. 
    : e" d$ i' n' l: I7 L# Z
22. pre-start script
    ! `& q5 _1 x/ }1 t8 u! p+ O: Z
23.      # Add firewall rule to allow SSH access over WiFi on port 22
    
24.      # Remove the "-i eth0" on both of the following lines to enable SSH access
    # z! i. J- z/ Q+ |: k2 j+ @+ y
25.      # over the cellular data network (EVDO, etc).
    ! g. ^( f  ~& j" ?0 I
26.      /usr/sbin/iptables -D INPUT -i eth0 -p tcp --dport 22 -j ACCEPT || /bin/true
    ( g# g3 o7 Q7 r4 [- h
27.      /usr/sbin/iptables -I INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
    
28. end script
    , V1 {) k' w8 o
29. 
    
30. # end of file
    6 V$ z  _( m' n8 Q' W

复制代码

! w" s* y; g) y[ Edited by freezex on 2010-10-8 10:09 ]

szlittle

俺的oppensh就从来没有连接上成功过，郁闷2