欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  科技

FreeBSD系统SSH配置详解

程序员文章站 2022-07-07 11:15:32
修改freebsd可以用sshd权限用户登录ssh 但不能用root用户登录的方法 在/etc/ssh/sshd_config最后中加入  PermitRootLogin yes #允许root登录 PermitEmptyPasswords no #不允... 08-09-08...

修改freebsd可以用sshd权限用户登录ssh 但不能用root用户登录的方法

在/etc/ssh/sshd_config最后中加入 

permitrootlogin yes #允许root登录
permitemptypasswords no #不允许空密码登录
passwordauthentication yes # 设置是否使用口令验证。
就可以了

freebsd ssh配置详解

首先vi编辑/etc/inetd.conf,去掉ssh前的#,保存退出 (开启****ssh服务)
编辑/etc/rc.conf
最后加入:sshd_enable="yes"即可
激活sshd服务:
techo#/etc/rc.d/sshd start
用下面命令检查服务是否启动,在22端口应该有****。
#netstat -an ## check port number 22
最后
vi /etc/ssh/sshd_config,
下面是我的配置文件:(/etc/ssh/sshd_config)
####################################################

# $openbsd: sshd_config,v 1.72 2005/07/25 11:59:40 markus exp $
# $freebsd: src/crypto/openssh/sshd_config,v 1.42.2.1 2005/09/11 16:50:35 des exp $

# this is the sshd server system-wide configuration file. see
# sshd_config(5) for more information.

# this sshd was compiled with path=/usr/bin:/bin:/usr/sbin:/sbin

# the strategy used for options in the default sshd_config shipped with
# openssh is to specify options with their default value where
# possible, but leave them commented. uncommented options change a
# default value.

# note that some of freebsd's defaults differ from openbsd's, and
# freebsd has a few additional options.

#versionaddendum freebsd-20050903

#port 22
#protocol 2
#addressfamily any
#listenaddress 10.1.10.196
#listenaddress ::

# hostkey for protocol version 1
#hostkey /etc/ssh/ssh_host_key
# hostkeys for protocol version 2
#hostkey /etc/ssh/ssh_host_dsa_key

# lifetime and size of ephemeral version 1 server key
#keyregenerationinterval 1h
#serverkeybits 768

# logging
# obsoletes quietmode and fascistlogging
#syslogfacility auth
#loglevel info

# authentication:

#logingracetime 2m
#permitrootlogin no
#strictmodes yes
#maxauthtries 6

#rsaauthentication yes
#pubkeyauthentication yes
#authorizedkey .ssh/authorized_keys
# for this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#rhostsrsaauthentication no
# similar for protocol version 2
#hostbasedauthentication no
# change to yes if you don't trust ~/.ssh/known_hosts for
# rhostsrsaauthentication and hostbasedauthentication
#ignoreuserknownhosts no
# don't read the user's ~/.rhosts and ~/.shosts files
#ignorerhosts yes

# change to yes to enable built-in password authentication.
passwordauthentication yes
#permitemptypasswords no

# change to no to disable pam authentication
#challengeresponseauthentication yes

# kerberos options
#kerberosauthentication no
#kerberosorlocalpasswd yes
#kerberosticketcleanup yes
#kerberosgetafstoken no

# gssapi options
#gssapiauthentication no
#gssapicleanupcredentials yes

# set this to 'no' to disable pam authentication, account processing,
# and session processing. if this is enabled, pam authentication will
# be allowed through the challengeresponseauthentication mechanism.
# depending on your pam configuration, this may bypass the setting of
# passwordauthentication, permitemptypasswords, and
# "permitrootlogin without-password". if you just want the pam account and
# session checks to run without pam authentication, then enable this but set
# challengeresponseauthentication=no
#usepam yes

#allowtcpforwarding yes
#gatewayports no
#x11forwarding yes
#x11displayoffset 10
#x11uselocalhost yes
#printmotd yes
#printlastlog yes
#tcpkeepalive yes
#uselogin no
#useprivilegeseparation yes
#permituserenvironment no
#compression delayed
#clientaliveinterval 0
#clientalivecountmax 3
#usedns no
#pidfile /var/run/sshd.pid
#maxstartups 10

# no default banner path
#banner /some/path

# override default of no subsystems
subsystem sftp /usr/libexec/sftp-server

ignorerhosts yes
ignoreuserknownhosts yes
printmotd yes
strictmodes no
rsaauthentication yes
permitrootlogin yes #允许root登录
permitemptypasswords no #不允许空密码登录
passwordauthentication yes # 设置是否使用口令验证。

##############################################

记得修改完配置文件后,重新启动sshd服务器(/etc/rc.d/sshd restart)即可。
几点补充说明
1,如果重启后还是不行请重新载入sshd_config 文件
/etc/rc.d/sshd reload
2,如果出现using keyboard-interactive authentication
password:
请确认passwordauthentication是否已经改成yes
另外如果客户端是putty那么请确认"尝试'智能键盘'认证(ssh-2)"的勾是否有去掉
3,如果是使用root帐号登陆
请确认密码是否为空
空密码无法登陆
4请确认是否有安装ssh
sysinstall>>>configure>>>networking>>>sshd是否的勾是否有打上