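Verizon Pre, 1.45, with openssh installed. Older versions of openssh seemed to default to password login; now it wants a key. That felt unnecessary, so I changed it back to password authentication.

A small change to the sshd_config configuration file was enough, but I ran into a strange problem: on the first connection each time, if I connect with an SSH client such as WinSCP before Wi-Fi has been activated, I get an "unsupported authentication method" error. Rebooting or powering the Pre off and on doesn't help; it only works once the nameserver in resolv.conf has been updated. I've attached my configuration file; I don't know whether this is related to the settings.
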
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/opt/sbin:/opt/bin:/usr/sbin:/usr/bin:/sbin:/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
# HostKey for protocol version 1
#HostKey /opt/etc/openssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /opt/etc/openssh/ssh_host_rsa_key
#HostKey /opt/etc/openssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication no
PubkeyAuthentication no
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /opt/etc/openssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords yes

# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes

# Kerberos options
KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /opt/var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /opt/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
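
Added example (not part of the original post, and not OpenSSH's own code): a small audit of the global section of an sshd_config that reports the effective settings touching name resolution and password login, the two areas the question above is about. The DEFAULTS table is an assumption based on sshd_config(5) for OpenSSH releases of this age; SAMPLE holds the uncommented lines of the posted file.

```python
# Assumption: defaults per sshd_config(5) for OpenSSH 5.x-era releases.
DEFAULTS = {"usedns": "yes", "kerberosauthentication": "no",
            "gssapiauthentication": "no", "passwordauthentication": "yes",
            "permitemptypasswords": "no", "permitrootlogin": "yes",
            "pubkeyauthentication": "yes"}

def effective_settings(text):
    """Keywords are case-insensitive and the first value seen wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break                         # lines after Match are conditional
        seen.setdefault(key, parts[1] if len(parts) > 1 else "")
    return {**DEFAULTS, **seen}

def audit(text):
    """Return (option, reason) pairs for settings worth reviewing."""
    s = effective_settings(text)
    on = lambda k: s[k].strip().lower() == "yes"
    out = []
    if on("usedns"):
        out.append(("UseDNS", "adds a DNS lookup of the client to every connection"))
    if on("kerberosauthentication"):
        out.append(("KerberosAuthentication", "passwords are validated through a Kerberos KDC"))
    if on("gssapiauthentication"):
        out.append(("GSSAPIAuthentication", "GSSAPI login is offered"))
    if on("passwordauthentication") and on("permitemptypasswords"):
        out.append(("PermitEmptyPasswords", "accounts with an empty password can log in remotely"))
    if on("passwordauthentication") and on("permitrootlogin"):
        out.append(("PermitRootLogin", "root can log in with a password"))
    if not on("pubkeyauthentication"):
        out.append(("PubkeyAuthentication", "key login is off, passwords are the only credential"))
    return out

# Uncommented lines of the posted file, comments trimmed.
SAMPLE = ("Protocol 2\nPermitRootLogin yes\nRSAAuthentication no\n"
          "PubkeyAuthentication no\nPasswordAuthentication yes\n"
          "PermitEmptyPasswords yes\nChallengeResponseAuthentication yes\n"
          "KerberosAuthentication yes\nUsePAM yes\n"
          "Subsystem sftp /opt/libexec/sftp-server\n")

if __name__ == "__main__":
    for option, reason in audit(SAMPLE):
        print(f"{option}: {reason}")
```

Because the first value for a keyword wins, an override only takes effect if it appears before the existing line or replaces it.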