學(xué)習(xí)啦>學(xué)習(xí)電腦>選購與維護(hù)>電腦組裝教程>

配置Solaris允許SSH遠(yuǎn)程登錄

時間: 林澤1002 分享

  Oracle Solaris 10操作系統(tǒng)安裝完成后,默認(rèn)配置下,不允許root通過SSH登錄系統(tǒng)。下面是學(xué)習(xí)啦小編收集整理的配置Solaris允許SSH遠(yuǎn)程登錄,希望對大家有幫助~~

  配置Solaris允許SSH遠(yuǎn)程登錄

  工具/原料

  Solaris 10

  方法/步驟

  1) 配置/etc/ssh/sshd_config的PermitRootLogin參數(shù)

  #

  # gedit /etc/ssh/sshd_config

  # cat /etc/ssh/sshd_config

  # Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.

  #

  # ident "@(#)sshd_config 1.10 10/10/19 SMI"

  #

  # Configuration file for sshd(1m)

  # Protocol versions supported

  #

  # The sshd shipped in this release of Solaris has support for major versions

  # 1 and 2. It is recommended due to security weaknesses in the v1 protocol

  # that sites run only v2 if possible. Support for v1 is provided to help sites

  # with existing ssh v1 clients/servers to transition.

  # Support for v1 may not be available in a future release of Solaris.

  #

  # To enable support for v1 an RSA1 key must be created with ssh-keygen(1).

  # RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they

  # do not already exist, RSA1 keys for protocol v1 are not automatically created.

  # Uncomment ONLY ONE of the following Protocol statements.

  # Only v2 (recommended)

  Protocol 2

  # Both v1 and v2 (not recommended)

  #Protocol 2,1

  # Only v1 (not recommended)

  #Protocol 1

  # Listen port (the IANA registered port number for ssh is 22)

  Port 22

  # The default listen address is all interfaces, this may need to be changed

  # if you wish to restrict the interfaces sshd listens on for a multi homed host.

  # Multiple ListenAddress entries are allowed.

  # IPv4 only

  #ListenAddress 0.0.0.0

  # IPv4 & IPv6

  ListenAddress ::

  # Port forwarding

  AllowTcpForwarding no

  # If port forwarding is enabled, specify if the server can bind to INADDR_ANY.

  # This allows the local port forwarding to work when connections are received

  # from any remote host.

  GatewayPorts no

  # X11 tunneling options

  X11Forwarding yes

  X11DisplayOffset 10

  X11UseLocalhost yes

  # The maximum number of concurrent unauthenticated connections to sshd.

  # start:rate:full see sshd(1) for more information.

  # The default is 10 unauthenticated clients.

  #MaxStartups 10:30:60

  # Banner to be printed before authentication starts.

  #Banner /etc/issue

  # Should sshd print the /etc/motd file and check for mail.

  # On Solaris it is assumed that the login shell will do these (eg /etc/profile).

  PrintMotd no

  # KeepAlive specifies whether keep alive messages are sent to the client.

  # See sshd(1) for detailed description of what this means.

  # Note that the client may also be sending keep alive messages to the server.

  KeepAlive yes

  # Syslog facility and level

  SyslogFacility auth

  LogLevel info

  #

  # Authentication configuration

  #

  # Host private key files

  # Must be on a local disk and readable only by the root user (root:sys 600).

  HostKey /etc/ssh/ssh_host_rsa_key

  HostKey /etc/ssh/ssh_host_dsa_key

  # Length of the server key

  # Default 768, Minimum 512

  ServerKeyBits 768

  # sshd regenerates the key every KeyRegenerationInterval seconds.

  # The key is never stored anywhere except the memory of sshd.

  # The default is 1 hour (3600 seconds).

  KeyRegenerationInterval 3600

  # Ensure secure permissions on users .ssh directory.

  StrictModes yes

  # Length of time in seconds before a client that hasn't completed

  # authentication is disconnected.

  # Default is 600 seconds. 0 means no time limit.

  LoginGraceTime 600

  # Maximum number of retries for authentication

  # Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2

  MaxAuthTries 6

  MaxAuthTriesLog 3

  # Are logins to accounts with empty passwords allowed.

  # If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK

  # to pam_authenticate(3PAM).

  PermitEmptyPasswords no

  # To disable tunneled clear text passwords, change PasswordAuthentication to no.

  PasswordAuthentication yes

  # Use PAM via keyboard interactive method for authentication.

  # Depending on the setup of pam.conf(4) this may allow tunneled clear text

  # passwords even when PasswordAuthentication is set to no. This is dependent

  # on what the individual modules request and is out of the control of sshd

  # or the protocol.

  PAMAuthenticationViaKBDInt yes

  # Are root logins permitted using sshd.

  # Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user

  # maybe denied access by a PAM module regardless of this setting.

  # Valid options are yes, without-password, no.

  # PermitRootLogin no

  PermitRootLogin yes

  # sftp subsystem

  Subsystem sftp internal-sftp

  # SSH protocol v1 specific options

  #

  # The following options only apply to the v1 protocol and provide

  # some form of backwards compatibility with the very weak security

  # of /usr/bin/rsh. Their use is not recommended and the functionality

  # will be removed when support for v1 protocol is removed.

  # Should sshd use .rhosts and .shosts for password less authentication.

  IgnoreRhosts yes

  RhostsAuthentication no

  # Rhosts RSA Authentication

  # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.

  # If the user on the client side is not root then this won't work on

  # Solaris since /usr/bin/ssh is not installed setuid.

  RhostsRSAAuthentication no

  # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.

  #IgnoreUserKnownHosts yes

  # Is pure RSA authentication allowed.

  # Default is yes

  RSAAuthentication yes

  2) 重啟SSH服務(wù),使配置生效

  # svcadm restart ssh

  3) 重啟系統(tǒng)

  可能需要重啟Solaris后,root才可以遠(yuǎn)程登錄。

  # reboot

  44) 遠(yuǎn)程登錄

  Last login: Wed Jan 7 17:14:15 2015 from 192.168.137.105

  Oracle Corporation SunOS 5.10 Generic Patch January 2005

配置遠(yuǎn)程登錄相關(guān)文章:

1.HCL模擬器如何配置交換機(jī)遠(yuǎn)程登錄

2.H3C交換機(jī)配置本地登錄和遠(yuǎn)程登錄的用戶名和密碼教程

3.如何設(shè)置遠(yuǎn)端WEB管理功能

4.h3c模擬器器配置telnet遠(yuǎn)程登陸

5.華為交換機(jī)如何配置telnet登錄設(shè)備

6.教你Linux的遠(yuǎn)程登錄方法和無密碼登錄方法

7.遠(yuǎn)程訪問服務(wù)器怎么配置

2872224