追梦者的IT技术博客

现在位置:首页 » freebsd » FreeBSD 10.2 设置sshd

FreeBSD 10.2 设置sshd
作者:admin   分类:freebsd   评论(0)   浏览(1703)   关键词: FreeBSD 10.2 设置sshd

FreeBSD 10.2 设置sshd

因为笔者爱好FreeBSD,于是乎说干就干用了虚机装了FreeBSD 10。各种等待后系统终于安装完成但因为在虚拟机中操作不方便,于是决定用ssh远程操作系统。之前笔者也研究过配置方法,但最终以失败告终。终于在今天笔者多方查找资料后找到了开启的方式,现在我将方法分享给大家希望可以帮助到和笔者有同样问题的朋友。

首先用cd命令切换到/etc/ssh/sshd_config 再用vi命令编辑 

	
    
		
		
  1. 
			root@bsdserver:/etc/ssh # vi sshd_config
		
    2. 

		
  2. 
			 
		
    3. 

		
  3. 
			 
		
    4. 

		
  4. 
			#       $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
		
    5. 

		
  5. 
			#       $FreeBSD: releng/10.2/crypto/openssh/sshd_config 264692 2014-04-20 12:46:18Z des $
		
    6. 

		
  6. 
			 
		
    7. 

		
  7. 
			# This is the sshd server system-wide configuration file.  See
		
    8. 

		
  8. 
			# sshd_config(5) for more information.
		
    9. 

		
  9. 
			 
		
    10. 

		
  10. 
			# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
		
    11. 

		
  11. 
			 
		
    12. 

		
  12. 
			# The strategy used for options in the default sshd_config shipped with
		
    13. 

		
  13. 
			# OpenSSH is to specify options with their default value where
		
    14. 

		
  14. 
			# possible, but leave them commented.  Uncommented options override the
		
    15. 

		
  15. 
			# default value.
		
    16. 

		
  16. 
			 
		
    17. 

		
  17. 
			# Note that some of FreeBSD's defaults differ from OpenBSD's, and
		
    18. 

		
  18. 
			# FreeBSD has a few additional options.
		
    19. 

		
  19. 
			 
		
    20. 

		
  20. 
			#Port 22
		
    21. 

		
  21. 
			#AddressFamily any
		
    22. 

		
  22. 
			#ListenAddress 0.0.0.0
		
    23. 

		
  23. 
			#ListenAddress ::
		
    24. 

		
  24. 
			 
		
    25. 

		
  25. 
			# The default requires explicit activation of protocol 1
		
    26. 

		
  26. 
			#Protocol 2
		
    27. 

		
  27. 
			 
		
    28. 

		
  28. 
			# HostKey for protocol version 1
		
    29. 

		
  29. 
			#HostKey /etc/ssh/ssh_host_key
		
    30. 

		
  30. 
			# HostKeys for protocol version 2
		
    31. 

		
  31. 
			#HostKey /etc/ssh/ssh_host_rsa_key
		
    32. 

		
  32. 
			#HostKey /etc/ssh/ssh_host_dsa_key
		
    33. 

		
  33. 
			#HostKey /etc/ssh/ssh_host_ecdsa_key
		
    34. 

		
  34. 
			#HostKey /etc/ssh/ssh_host_ed25519_key
		
    35. 

		
  35. 
			 
		
    36. 

		
  36. 
			# Lifetime and size of ephemeral version 1 server key
		
    37. 

		
  37. 
			#KeyRegenerationInterval 1h
		
    38. 

		
  38. 
			#ServerKeyBits 1024
		
    39. 

		
  39. 
			 
		
    40. 

		
  40. 
			# Ciphers and keying
		
    41. 

		
  41. 
			#RekeyLimit default none
		
    42. 

		
  42. 
			 
		
    43. 

		
  43. 
			# Logging
		
    44. 

		
  44. 
			# obsoletes QuietMode and FascistLogging
		
    45. 

		
  45. 
			#SyslogFacility AUTH
		
    46. 

		
  46. 
			#LogLevel INFO
		
    47. 

		
  47. 
			 
		
    48. 

		
  48. 
			# Authentication:
		
    49. 

		
  49. 
			 
		
    50. 

		
  50. 
			#LoginGraceTime 2m
		
    51. 

		
  51. 
			#PermitRootLogin no
		
    52. 

		
  52. 
			#StrictModes yes
		
    53. 

		
  53. 
			#MaxAuthTries 6
		
    54. 

		
  54. 
			#MaxSessions 10
		
    55. 

		
  55. 
			 
		
    56. 

		
  56. 
			#RSAAuthentication yes
		
    57. 

		
  57. 
			#PubkeyAuthentication yes
		
    58. 

		
  58. 
			 
		
    59. 

		
  59. 
			# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
		
    60. 

		
  60. 
			#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
		
    61. 

		
  61. 
			 
		
    62. 

		
  62. 
			#AuthorizedPrincipalsFile none
		
    63. 

		
  63. 
			 
		
    64. 

		
  64. 
			#AuthorizedKeysCommand none
		
    65. 

		
  65. 
			#AuthorizedKeysCommandUser nobody
		
    66. 

		
  66. 
			 
		
    67. 

		
  67. 
			# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
		
    68. 

		
  68. 
			#RhostsRSAAuthentication no
		
    69. 

		
  69. 
			# similar for protocol version 2
		
    70. 

		
  70. 
			#HostbasedAuthentication no
		
    71. 

		
  71. 
			# Change to yes if you don't trust ~/.ssh/known_hosts for
		
    72. 

		
  72. 
			# RhostsRSAAuthentication and HostbasedAuthentication
		
    73. 

		
  73. 
			#IgnoreUserKnownHosts no
		
    74. 

		
  74. 
			# Don't read the user's ~/.rhosts and ~/.shosts files
		
    75. 

		
  75. 
			#IgnoreRhosts yes
		
    76. 

		
  76. 
			 
		
    77. 

		
  77. 
			# Change to yes to enable built-in password authentication.
		
    78. 

		
  78. 
			#PasswordAuthentication no
		
    79. 

		
  79. 
			#PermitEmptyPasswords no
		
    80. 

		
  80. 
			 
		
    81. 

		
  81. 
			# Change to no to disable PAM authentication
		
    82. 

		
  82. 
			#ChallengeResponseAuthentication yes
		
    83. 

		
  83. 
			 
		
    84. 

		
  84. 
			# Kerberos options
		
    85. 

		
  85. 
			#KerberosAuthentication no
		
    86. 

		
  86. 
			#KerberosOrLocalPasswd yes
		
    87. 

		
  87. 
			#KerberosTicketCleanup yes
		
    88. 

		
  88. 
			#KerberosGetAFSToken no
		
    89. 

		
  89. 
			 
		
    90. 

		
  90. 
			# GSSAPI options
		
    91. 

		
  91. 
			#GSSAPIAuthentication no
		
    92. 

		
  92. 
			#GSSAPICleanupCredentials yes
		
    93. 

		
  93. 
			 
		
    94. 

		
  94. 
			# Set this to 'no' to disable PAM authentication, account processing,
		
    95. 

		
  95. 
			# and session processing. If this is enabled, PAM authentication will
		
    96. 

		
  96. 
			# be allowed through the ChallengeResponseAuthentication and
		
    97. 

		
  97. 
			# PasswordAuthentication.  Depending on your PAM configuration,
		
    98. 

		
  98. 
			# PAM authentication via ChallengeResponseAuthentication may bypass
		
    99. 

		
  99. 
			# the setting of "PermitRootLogin without-password".
		
    100. 

		
  100. 
			# If you just want the PAM account and session checks to run without
		
    101. 

		
  101. 
			# PAM authentication, then enable this but set PasswordAuthentication
		
    102. 

		
  102. 
			# and ChallengeResponseAuthentication to 'no'.
		
    103. 

		
  103. 
			#UsePAM yes
		
    104. 

		
  104. 
			 
		
    105. 

		
  105. 
			#AllowAgentForwarding yes
		
    106. 

		
  106. 
			#AllowTcpForwarding yes
		
    107. 

		
  107. 
			# and session processing. If this is enabled, PAM authentication will
		
    108. 

		
  108. 
			# be allowed through the ChallengeResponseAuthentication and
		
    109. 

		
  109. 
			# PasswordAuthentication.  Depending on your PAM configuration,
		
    110. 

		
  110. 
			# PAM authentication via ChallengeResponseAuthentication may bypass
		
    111. 

		
  111. 
			# the setting of "PermitRootLogin without-password".
		
    112. 

		
  112. 
			# If you just want the PAM account and session checks to run without
		
    113. 

		
  113. 
			# PAM authentication, then enable this but set PasswordAuthentication
		
    114. 

		
  114. 
			# and ChallengeResponseAuthentication to 'no'.
		
    115. 

		
  115. 
			#UsePAM yes
		
    116. 

		
  116. 
			 
		
    117. 

		
  117. 
			#AllowAgentForwarding yes
		
    118. 

		
  118. 
			#AllowTcpForwarding yes
		
    119. 

		
  119. 
			#GatewayPorts no
		
    120. 

		
  120. 
			#X11Forwarding yes
		
    121. 

		
  121. 
			#X11DisplayOffset 10
		
    122. 

		
  122. 
			#X11UseLocalhost yes
		
    123. 

		
  123. 
			#PermitTTY yes
		
    124. 

		
  124. 
			#PrintMotd yes
		
    125. 

		
  125. 
			#PrintLastLog yes
		
    126. 

		
  126. 
			#TCPKeepAlive yes
		
    127. 

		
  127. 
			#UseLogin no
		
    128. 

		
  128. 
			#UsePrivilegeSeparation sandbox
		
    129. 

		
  129. 
			#PermitUserEnvironment no
		
    130. 

		
  130. 
			#Compression delayed
		
    131. 

		
  131. 
			#ClientAliveInterval 0
		
    132. 

		
  132. 
			#ClientAliveCountMax 3
		
    133. 

		
  133. 
			#UseDNS yes
		
    134. 

		
  134. 
			#PidFile /var/run/sshd.pid
		
    135. 

		
  135. 
			#MaxStartups 10:30:100
		
    136. 

		
  136. 
			#PermitTunnel no
		
    137. 

		
  137. 
			#ChrootDirectory none
		
    138. 

		
  138. 
			#VersionAddendum FreeBSD-20140420
		
    139. 

		
  139. 
			 
		
    140. 

		
  140. 
			# no default banner path
		
    141. 

		
  141. 
			#Banner none
		
    142. 

		
  142. 
			 
		
    143. 

		
  143. 
			# override default of no subsystems
		
    144. 

		
  144. 
			Subsystem sftp /usr/libexec/sftp-server
		
    145. 

		
  145. 
			 
		
    146. 

		
  146. 
			# Disable HPN tuning improvements.
		
    147. 

		
  147. 
			#HPNDisabled no
		
    148. 

		
  148. 
			 
		
    149. 

		
  149. 
			# Buffer size for HPN to non-HPN connections.
		
    150. 

		
  150. 
			#HPNBufferSize 2048
		
    151.

#PermitRootLogin no  前面的#号去掉 再把no改为yes即可

    转载分享请注明原文地址(追梦者的IT技术博客):https://it.zhuimengba.com/post-8.html

相关文章