FreeBSD下SSH安装配置

itisyang 2011-07-03

sshd的配置文件一般位于/etc/ssh/sshd_config。

终端下:#ee /etc/ssh/sshd_config

---------------------------------------------

#Protocol 2,1

修改为:

Protocol 2

#ListenAddress 0.0.0.0

修改为:

ListenAddress 0.0.0.0

#PermitRootLogin yes

修改为

PermitRootLogin yes

(Linux上默认允许root用户登录,此处可不修改。)

修改完成后重启sshd:

/etc/rc.d/sshd restart

/etc/rc.conf 中,添加一个:

sshd_enable="yes"

FreeBSD SSH配置详解  

首先vi编辑/etc/inetd.conf,去掉ssh前的#,保存退出

编辑/etc/rc.conf

最后加入:sshd_enable="yes"即可

激活sshd服务:

techo#/etc/rc.d/sshdstart

用下面命令检查服务是否启动,在22端口应该有监听。

#netstat-an##checkportnumber22

最后

vi /etc/ssh/sshd_config,

下面是我的配置文件:(/etc/ssh/sshd_config)####################################################

# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $# $FreeBSD: src/crypto/openssh/sshd_config,v 1.42.2.1 2005/09/11 16:50:35 des Exp $

# This is the sshd server system-wide configuration file. See# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with

#OpenSSHistospecifyoptionswiththeirdefaultvaluewhere

#possible,butleavethemcommented.Uncommentedoptionschangea

# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20050903

#Port 22

#Protocol2

#AddressFamilyany

#ListenAddress10.1.10.196

#ListenAddress ::

# HostKey for protocol version 1

#HostKey/etc/ssh/ssh_host_key

#HostKeysforprotocolversion2

#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key

#KeyRegenerationInterval1h

#ServerKeyBits 768

# Logging

#obsoletesQuietModeandFascistLogging

#SyslogFacilityAUTH

#LogLevel INFO

# Authentication:

#LoginGraceTime 2m

#PermitRootLoginno

#StrictModesyes

#MaxAuthTries 6

#RSAAuthentication yes

#PubkeyAuthenticationyes

#AuthorizedKey.ssh/authorized_keys

#Forthistoworkyouwillalsoneedhostkeysin/etc/ssh/ssh_known_hosts

#RhostsRSAAuthenticationno

#similarforprotocolversion2

#HostbasedAuthenticationno

#Changetoyesifyoudon'ttrust~/.ssh/known_hostsfor

#RhostsRSAAuthenticationandHostbasedAuthentication

#IgnoreUserKnownHostsno

#Don'treadtheuser's~/.rhostsand~/.shostsfiles

#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.

PasswordAuthenticationyes

#PermitEmptyPasswords no

# Change to no to disable PAM authentication#ChallengeResponseAuthentication yes

# Kerberos options

#KerberosAuthenticationno

#KerberosOrLocalPasswdyes

#KerberosTicketCleanupyes

#KerberosGetAFSToken no

# GSSAPI options

#GSSAPIAuthenticationno

#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,

#andsessionprocessing.Ifthisisenabled,PAMauthenticationwill

#beallowedthroughtheChallengeResponseAuthenticationmechanism.

#DependingonyourPAMconfiguration,thismaybypassthesettingof

#PasswordAuthentication,PermitEmptyPasswords,and

#"PermitRootLoginwithout-password".IfyoujustwantthePAMaccountand

#sessioncheckstorunwithoutPAMauthentication,thenenablethisbutset

#ChallengeResponseAuthentication=no

#UsePAM yes

#AllowTcpForwarding yes

#GatewayPortsno

Forwardingyes

DisplayOffset10

UseLocalhostyes

#PrintMotdyes

#PrintLastLogyes

#TCPKeepAliveyes

#UseLoginno

#UsePrivilegeSeparationyes

#PermitUserEnvironmentno

#Compressiondelayed

#ClientAliveInterval0

#ClientAliveCountMax3

#UseDNSno

#PidFile/var/run/sshd.pid

#MaxStartups 10

# no default banner path#Banner /some/path

# override default of no subsystemsSubsystem sftp /usr/libexec/sftp-server

IgnoreRhosts yes

IgnoreUserKnownHostsyes

PrintMotdyes

StrictModesno

RSAAuthenticationyes

PermitRootLoginyes#允许root登录

PermitEmptyPasswordsno#不允许空密码登录

PasswordAuthentication yes # 设置是否使用口令验证。

##############################################

记得修改完配置文件后,重新启动sshd服务器(/etc/rc.d/sshd restart)即可。

相关推荐