openssh改密码认证后

prenewbie

v版pre 1.45，装了openssh，以前老版本的openssh好像是默认密码登录的，现在要密匙，感觉没必要，又改回密码认证了
* V$ i& M2 v2 t& v7 i5 v: k: f& j
2 v4 |7 T- _1 ?: p- C配置文件sshd_config改了一下就可以了，但是遇到一个奇怪的问题，每次第一次连接，如果wifi没先激活就用winscp之类的ssh客户端连接，就会出现”不支持的验证方式“的错误，重启关机pre也没用，只有把resolv.conf的nameserver更新了才行，附上我的配置文件，不知道跟设置有关系吗
1 J& j* [4 r# N/ e& d+ J
#        $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
" i7 f8 _6 X  M
# This sshd was compiled with PATH=/opt/sbin:/opt/bin:/usr/sbin:/usr/bin:/sbin:/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
- F. H  K2 p/ T1 p5 K8 E, M# i# possible, but leave them commented.  Uncommented options change a
7 D* ?# }! N7 I0 Q- H& S. v# default value.
. Z$ q' C8 @  L' O
# n0 N" R& r! t) q#Port 22
#AddressFamily any
, r4 ]+ K" B( u1 h#ListenAddress 0.0.0.0
#ListenAddress ::
+ u3 F9 u0 [/ q# f1 S1 o
4 I9 {  b7 u5 n# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
# S& ]1 F/ |3 Q+ I7 UProtocol 2

# HostKey for protocol version 1
#HostKey /opt/etc/openssh/ssh_host_key
& w1 T& q  h" L6 W) x4 {1 X0 w# HostKeys for protocol version 2
9 r& x- O- w- |2 u: k4 c! z; _' f#HostKey /opt/etc/openssh/ssh_host_rsa_key
#HostKey /opt/etc/openssh/ssh_host_dsa_key

, L5 Q/ _: Z" x0 T# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
* R; C, s: N) l! A8 y& x9 W
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
9 C: J" h/ b. i# C) h  @  b2 o#LogLevel INFO

. J/ g& a; o! g3 M  Z% a# Authentication:
! D; l; P( k1 q4 x/ ^1 i
#LoginGraceTime 2m
PermitRootLogin yes
1 T( T; R* `5 g- ^$ ?#StrictModes yes
#MaxAuthTries 6
) R% b5 O* x  {( b5 z, g( T! r#MaxSessions 10
% m3 j9 [% z& \2 [
' A. A* [4 u0 T+ B6 u7 y4 D/ HRSAAuthentication no
PubkeyAuthentication no
#AuthorizedKeysFile        .ssh/authorized_keys
2 Y1 a7 h; v4 l" X2 R* l% |3 @3 u
" o( m5 E: z% q; f+ f, b# For this to work you will also need host keys in /opt/etc/openssh/ssh_known_hosts
7 ^" T) ^3 U$ I& R" g#RhostsRSAAuthentication no
; n  w# f; u! P/ B3 F# similar for protocol version 2
#HostbasedAuthentication no
- V' c' X% G" y* Z( q  O/ o# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
+ c( ~* N. u7 s8 i#IgnoreUserKnownHosts no
- L* V0 H7 P  I+ v4 h) a5 n2 u) `# Don't read the user's ~/.rhosts and ~/.shosts files
1 J5 p/ ]) k2 y1 U3 q3 }6 m& X( A#IgnoreRhosts yes
$ ^* C5 T  _) c' e* |
% J7 ^+ a1 w, {  f# To disable tunneled clear text passwords, change to no here!
& U% I1 d0 Q. Y/ D# DPasswordAuthentication yes
PermitEmptyPasswords yes
2 P0 b, g0 W2 L. `  S4 d2 z: v
# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes
  \% v' \4 l  Q4 L. z3 d
# Kerberos options
" v7 f+ R7 p8 n0 NKerberosAuthentication yes
  n1 ?7 j. E1 A% s4 l& s9 Y. v+ B#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
" ]: C3 q. k4 W) ]2 x9 `* s2 Y5 {
# GSSAPI options
0 ]5 }8 u. a: u5 F8 P#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

- G  K( J  U* L$ {- n# Set this to 'yes' to enable PAM authentication, account processing,
$ z6 H( ?. _+ f  p8 S# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
2 }+ W7 A4 ~+ n) E2 \% g# If you just want the PAM account and session checks to run without
+ |6 d5 {/ X1 B" I$ e: ^( M# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
( k; ~! k: C0 QUsePAM yes
: w; F/ }& p3 n
#AllowAgentForwarding yes
+ l% H3 j1 z! u. O; b  w# }# h4 [% z) ?#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
8 R9 k7 _; S6 x& ~# ~#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
. h5 z. s; F8 D8 N9 Q#PermitUserEnvironment no
, \& F5 q. |1 D! y" t! \; J#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
- p* {) A" J$ v; M, j* }#PidFile /opt/var/run/sshd.pid
#MaxStartups 10
  `7 {  l3 G$ L. v4 b' l* x#PermitTunnel no
% X( c5 }% N( r) ?5 H* X* N#ChrootDirectory none

- o, ]+ W& y8 E2 @2 [- ]0 U# no default banner path
5 S3 g6 K) s" B5 G4 c4 D#Banner none
, h, P: j7 B/ v( e" k5 k5 J& x
; H7 ]2 x* R+ g+ E6 w& W! j# override default of no subsystems
Subsystem        sftp        /opt/libexec/sftp-server

# Example of overriding settings on a per-user basis
6 N; I8 ^5 Q- s4 a8 {) r#Match User anoncvs
#        X11Forwarding no
, o$ [' }+ h' |) b) D+ Q, N#        AllowTcpForwarding no
' J6 l4 o% E, \8 L3 `8 X#        ForceCommand cvs server

prenewbie

感觉这个openssh不太稳定，有时候会验证失败，然后造成vpn都工作不正常了

cantondiablo

俺的oppensh就从来没有连接上成功过，郁闷

freezex

这是我每次刷机后装ssh所用的配置文件,用wqi发到手机上,即可用密码登录.供参考
, w6 N/ a+ H4 p6 C  ~9 l
  R2 L8 T( l7 b7 \- @/opt/etc/openssh/sshd_config

1. Port 22
   
2. Protocol 2
   4 T" `! E& b6 s: g& a
3. PermitRootLogin yes
   ' @5 {# H/ q# j2 w6 O* n
4. PasswordAuthentication yes
   
5. PermitEmptyPasswords no
   
6. Subsystem        sftp        /opt/libexec/sftp-server

复制代码

/etc/event.d/mobi.optware.openssh

1. description "OpenSSH Daemon"
   7 ~6 X7 {& Y( {. C: V
2. 
   ; E0 C8 ^. C2 G6 Z
3. start on stopped finish
   1 V* z9 U8 \3 |- N, {
4. stop on runlevel [!2]
   / r6 r7 I6 o, @& |" Q5 m
5. 
   ( u- ^* V" \; Y9 k  F  z$ e9 i- Z
6. console none
   
7. 
   
8. # Make sure SSH sessions don't slow down GUI use
   4 F- `" N" m! n: ~5 W
9. nice 5
   ) v/ t4 D2 I6 C& M  o% A0 I) _
10. 
    
11. # Restart the SSH daemon if it exits/dies
    + H7 b6 r: ]; n  i0 B# l& I; \
12. respawn
    * \# _( V* l9 W3 w9 d
13. 
    
14. # -D doesn't detach and become daemon
    
15. # -p sets the TCP port
    
16. # -o "PasswordAuthentication no" prohibits login using password
    ' U  J6 ?" F# ]- R
17. # but allows login using ssh key based authentication (same behavior as -s in dropbear)
    . T3 ~6 A. i2 M1 y0 f& X; ]
18. # -o "PermitRootLogin without-password" prohibits root login using password
    
19. # but allows root login using ssh key based authentication (same behavior as -g in dropbear)
    ' F* W0 I' g  J3 w$ X
20. exec /opt/sbin/sshd -D
    
21. 
    ) }1 u. K7 h8 F
22. pre-start script
    & f) H, m" ]/ E; r  {+ Z% s/ y& K
23.      # Add firewall rule to allow SSH access over WiFi on port 22
    
24.      # Remove the "-i eth0" on both of the following lines to enable SSH access
    % y- ~1 s* O( P- a6 k5 a
25.      # over the cellular data network (EVDO, etc).
    
26.      /usr/sbin/iptables -D INPUT -i eth0 -p tcp --dport 22 -j ACCEPT || /bin/true
    
27.      /usr/sbin/iptables -I INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
    9 D- J& d0 \: ^/ ^" k
28. end script
    
29. 
    ; l# g* C" d9 M$ G. a( H
30. # end of file
    

复制代码

[ Edited by freezex on 2010-10-8 10:09 ]

szlittle

俺的oppensh就从来没有连接上成功过，郁闷2