修改freebsd可以用sshd权限用户登录ssh 但不能用root用户登录的方法
在/etc/ssh/sshd_config最后中加入
permitrootlogin yes #允许root登录
permitemptypasswords no #不允许空密码登录
passwordauthentication yes # 设置是否使用口令验证。
就可以了
freebsd ssh配置详解
首先vi编辑/etc/inetd.conf,去掉ssh前的#,保存退出 (开启****ssh服务)
编辑/etc/rc.conf
最后加入:sshd_enable="yes"即可
激活sshd服务:
techo#/etc/rc.d/sshd start
用下面命令检查服务是否启动,在22端口应该有****。
#netstat -an ## check port number 22
最后
vi /etc/ssh/sshd_config,
下面是我的配置文件:(/etc/ssh/sshd_config)
####################################################
# $openbsd: sshd_config,v 1.72 2005/07/25 11:59:40 markus exp $
# $freebsd: src/crypto/openssh/sshd_config,v 1.42.2.1 2005/09/11 16:50:35 des exp $
# this is the sshd server system-wide configuration file. see
# sshd_config(5) for more information.
# this sshd was compiled with path=/usr/bin:/bin:/usr/sbin:/sbin
# the strategy used for options in the default sshd_config shipped with
# openssh is to specify options with their default value where
# possible, but leave them commented. uncommented options change a
# default value.
# note that some of freebsd's defaults differ from openbsd's, and
# freebsd has a few additional options.
#versionaddendum freebsd-20050903
#port 22
#protocol 2
#addressfamily any
#listenaddress 10.1.10.196
#listenaddress ::
# hostkey for protocol version 1
#hostkey /etc/ssh/ssh_host_key
# hostkeys for protocol version 2
#hostkey /etc/ssh/ssh_host_dsa_key
# lifetime and size of ephemeral version 1 server key
#keyregenerationinterval 1h
#serverkeybits 768
# logging
# obsoletes quietmode and fascistlogging
#syslogfacility auth
#loglevel info
# authentication:
#logingracetime 2m
#permitrootlogin no
#strictmodes yes
#maxauthtries 6
#rsaauthentication yes
#pubkeyauthentication yes
#authorizedkey .ssh/authorized_keys
# for this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#rhostsrsaauthentication no
# similar for protocol version 2
#hostbasedauthentication no
# change to yes if you don't trust ~/.ssh/known_hosts for
# rhostsrsaauthentication and hostbasedauthentication
#ignoreuserknownhosts no
# don't read the user's ~/.rhosts and ~/.shosts files
#ignorerhosts yes
# change to yes to enable built-in password authentication.
passwordauthentication yes
#permitemptypasswords no
# change to no to disable pam authentication
#challengeresponseauthentication yes
# kerberos options
#kerberosauthentication no
#kerberosorlocalpasswd yes
#kerberosticketcleanup yes
#kerberosgetafstoken no
# gssapi options
#gssapiauthentication no
#gssapicleanupcredentials yes
# set this to 'no' to disable pam authentication, account processing,
# and session processing. if this is enabled, pam authentication will
# be allowed through the challengeresponseauthentication mechanism.
# depending on your pam configuration, this may bypass the setting of
# passwordauthentication, permitemptypasswords, and
# "permitrootlogin without-password". if you just want the pam account and
# session checks to run without pam authentication, then enable this but set
# challengeresponseauthentication=no
#usepam yes
#allowtcpforwarding yes
#gatewayports no
#x11forwarding yes
#x11displayoffset 10
#x11uselocalhost yes
#printmotd yes
#printlastlog yes
#tcpkeepalive yes
#uselogin no
#useprivilegeseparation yes
#permituserenvironment no
#compression delayed
#clientaliveinterval 0
#clientalivecountmax 3
#usedns no
#pidfile /var/run/sshd.pid
#maxstartups 10
# no default banner path
#banner /some/path
# override default of no subsystems
subsystem sftp /usr/libexec/sftp-server
ignorerhosts yes
ignoreuserknownhosts yes
printmotd yes
strictmodes no
rsaauthentication yes
permitrootlogin yes #允许root登录
permitemptypasswords no #不允许空密码登录
passwordauthentication yes # 设置是否使用口令验证。
##############################################
记得修改完配置文件后,重新启动sshd服务器(/etc/rc.d/sshd restart)即可。
几点补充说明
1,如果重启后还是不行请重新载入sshd_config 文件
/etc/rc.d/sshd reload
2,如果出现using keyboard-interactive authentication
password:
请确认passwordauthentication是否已经改成yes
另外如果客户端是putty那么请确认"尝试'智能键盘'认证(ssh-2)"的勾是否有去掉
3,如果是使用root帐号登陆
请确认密码是否为空
空密码无法登陆
4请确认是否有安装ssh
sysinstall>>>configure>>>networking>>>sshd是否的勾是否有打上
如对本文有疑问, 点击进行留言回复!!
我要评论
网友评论