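Verizon Pre on 1.45, with OpenSSH installed. Older versions of OpenSSH seemed to default to password login; now it wants a key, which felt unnecessary, so I changed it back to password authentication.

A small change to the config file sshd_config was enough, but I ran into a strange problem: on the first connection each time, if I connect with an SSH client such as WinSCP before Wi-Fi has been activated, I get an "unsupported authentication method" error. Rebooting or powering the Pre off and on doesn't help; it only works once the nameserver in resolv.conf has been updated. I'm attaching my config file; I don't know whether this has anything to do with the settings.
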
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/opt/sbin:/opt/bin:/usr/sbin:/usr/bin:/sbin:/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /opt/etc/openssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /opt/etc/openssh/ssh_host_rsa_key
#HostKey /opt/etc/openssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication no
PubkeyAuthentication no
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /opt/etc/openssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords yes

# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes

# Kerberos options
KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /opt/var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /opt/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
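
Added example, not part of the original post: a small Python check that reads an sshd_config the way sshd does (first value per keyword wins, global section only) and reports what the uncommented lines of the posted file actually enable. The finding names and the DEFAULTS table (OpenSSH defaults of that era) are choices made for this example, and the idea that the name-resolution-dependent settings relate to the resolv.conf symptom is an assumption the post does not confirm.

```python
# Assumed OpenSSH defaults of that era for the options this check looks at.
DEFAULTS = {
    "permitrootlogin": "yes", "passwordauthentication": "yes",
    "permitemptypasswords": "no", "pubkeyauthentication": "yes",
    "kerberosauthentication": "no", "usedns": "yes",
}

# The uncommented lines of the posted file, copied from the post.
POSTED = """\
Protocol 2
PermitRootLogin yes
RSAAuthentication no
PubkeyAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords yes
ChallengeResponseAuthentication yes
KerberosAuthentication yes
UsePAM yes
Subsystem sftp /opt/libexec/sftp-server
"""

def effective(config_text):
    """Global settings as sshd reads them: first value per keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *rest = line.split(None, 1)
        if key.lower() == "match":      # per-user blocks are out of scope
            break
        seen.setdefault(key.lower(), rest[0].lower() if rest else "")
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return finding ids for the settings discussed in this thread."""
    s, findings = effective(config_text), []
    password = s["passwordauthentication"] == "yes"
    if password and s["permitemptypasswords"] == "yes":
        findings.append("empty-password-login")
    if password and s["permitrootlogin"] == "yes":
        findings.append("root-password-login")
    if s["pubkeyauthentication"] == "no":
        findings.append("pubkey-disabled")
    # sshd does name lookups for these (client reverse DNS, Kerberos hosts).
    findings += ["needs-dns:" + k for k in ("usedns", "kerberosauthentication")
                 if s[k] == "yes"]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(POSTED)))
```

On a running system, `sshd -T` prints the effective configuration that sshd itself computes and can be used to cross-check the result.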