{"id":47,"date":"2011-07-08T08:42:22","date_gmt":"2011-07-08T00:42:22","guid":{"rendered":"http:\/\/www.kiccleaf.com\/?p=47"},"modified":"2011-07-12T11:24:44","modified_gmt":"2011-07-12T03:24:44","slug":"freebsd-8-2%e4%b8%8bssh%e9%85%8d%e7%bd%aekey%e7%99%bb%e9%99%86","status":"publish","type":"post","link":"http:\/\/www.kiccleaf.com\/?p=47","title":{"rendered":"FreeBSD 8.2: Configuring SSH Key Login"},"content":{"rendered":"<p>First, locate the system's \/etc\/ssh\/sshd_config file and open it with ee \/etc\/ssh\/sshd_config; its contents are as follows:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n# $OpenBSD: sshd_config,v 1.80 2008\/07\/02 02:24:18 djm Exp $\r\n# $FreeBSD: src\/crypto\/openssh\/sshd_config,v 1.49.2.1.2.1 2009\/10\/25 01:10:29 kensmith Exp $\r\n# This is the sshd server system-wide configuration file.\u00a0 See\r\n# sshd_config(5) for more information.\r\n# This sshd was compiled with PATH=\/usr\/bin:\/bin:\/usr\/sbin:\/sbin\r\n# The strategy used for options in the default sshd_config shipped with\r\n# OpenSSH is to specify options with their default value where\r\n# possible, but leave them commented.\u00a0 Uncommented options change a\r\n# default value.\r\n# Note that some of FreeBSD's defaults differ from OpenBSD's, and\r\n# FreeBSD has a few additional options.\r\n#VersionAddendum FreeBSD-20090522\r\nPort 222\u00a0 # the port number can be changed to guard against attacks; the default is port 22\r\n#Protocol 2\r\n#AddressFamily any\r\n#ListenAddress 0.0.0.0\r\n#ListenAddress ::\r\n# Disable legacy (protocol version 1) support in the server for new\r\n# installations. 
In future the default will change to require explicit\r\n# activation of protocol 1\r\nProtocol 2\r\n# HostKey for protocol version 1\r\n#HostKey \/etc\/ssh\/ssh_host_key\r\n# HostKeys for protocol version 2\r\n#HostKey \/etc\/ssh\/ssh_host_rsa_key\r\n#HostKey \/etc\/ssh\/ssh_host_dsa_key\r\n# Lifetime and size of ephemeral version 1 server key\r\n#KeyRegenerationInterval 1h\r\n#ServerKeyBits 1024\r\n# Logging\r\n# obsoletes QuietMode and FascistLogging\r\n#SyslogFacility AUTH\r\n#LogLevel INFO\r\n# Authentication:\r\n#LoginGraceTime 2m\r\nPermitRootLogin no\u00a0\u00a0\u00a0 # whether the root user may log in to the system directly: yes = allow, no = deny\r\n#StrictModes yes\r\n#MaxAuthTries 6\r\n#MaxSessions 10\r\n#RSAAuthentication yes\r\n#PubkeyAuthentication yes\r\nAuthorizedKeysFile .ssh\/id_dsa.pub\u00a0 # changed to use the public key file in the user's home directory\r\n# For this to work you will also need host keys in \/etc\/ssh\/ssh_known_hosts\r\n#RhostsRSAAuthentication no\r\n# similar for protocol version 2\r\n#HostbasedAuthentication no\r\n# Change to yes if you don't trust ~\/.ssh\/known_hosts for\r\n# RhostsRSAAuthentication and HostbasedAuthentication\r\n#IgnoreUserKnownHosts no\r\n# Don't read the user's ~\/.rhosts and ~\/.shosts files\r\n#IgnoreRhosts yes\r\n# Change to yes to enable built-in password authentication.\r\n# Change this to allow password login\r\nPasswordAuthentication no\u00a0\u00a0\u00a0\u00a0 # do not allow users to log in with a password\r\nPermitEmptyPasswords no\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 # forbid login for users with an empty password\r\n# Change to no to disable PAM authentication\r\n#ChallengeResponseAuthentication yes\r\n# Kerberos options\r\n#KerberosAuthentication no\r\n#KerberosOrLocalPasswd yes\r\n#KerberosTicketCleanup yes\r\n#KerberosGetAFSToken no\r\n# GSSAPI 
options\r\n#GSSAPIAuthentication no\r\n#GSSAPICleanupCredentials yes\r\n# Set this to 'no' to disable PAM authentication, account processing,\r\n# and session processing. If this is enabled, PAM authentication will\r\n# be allowed through the ChallengeResponseAuthentication and\r\n# PasswordAuthentication.\u00a0 Depending on your PAM configuration,\r\n# PAM authentication via ChallengeResponseAuthentication may bypass\r\n# the setting of &quot;PermitRootLogin without-password&quot;.\r\n# If you just want the PAM account and session checks to run without\r\n# PAM authentication, then enable this but set PasswordAuthentication\r\n# and ChallengeResponseAuthentication to 'no'.\r\n#UsePAM yes\r\n#AllowAgentForwarding yes\r\n#AllowTcpForwarding yes\r\n#GatewayPorts no\r\n#X11Forwarding yes\r\n#X11DisplayOffset 10\r\n#X11UseLocalhost yes\r\n#PrintMotd yes\r\n#PrintLastLog yes\r\n#TCPKeepAlive yes\r\n#UseLogin no\r\n#UsePrivilegeSeparation yes\r\n#PermitUserEnvironment no\r\n#Compression delayed\r\n#ClientAliveInterval 0\r\n#ClientAliveCountMax 3\r\n#UseDNS yes\r\n#PidFile \/var\/run\/sshd.pid\r\n#MaxStartups 10\r\n#PermitTunnel no\r\n#ChrootDirectory none\r\n# no default banner path\r\n#Banner none\r\n# override default of no subsystems\r\nSubsystem sftp \/usr\/libexec\/sftp-server\r\n# Example of overriding settings on a per-user basis\r\n#Match User anoncvs\r\n# X11Forwarding no\r\n# AllowTcpForwarding no\r\n# ForceCommand cvs server\r\nOK, the SSH configuration changes above are complete! Now restart the SSH service:\r\nleaf# \/etc\/rc.d\/sshd restart\r\nStopping sshd.\r\nStarting sshd.\r\nNext step: generate the key\r\nleaf# ssh-keygen -t dsa\u00a0\u00a0 # enter the key-generation command\r\nGenerating public\/private dsa key pair.\r\nEnter file in which to save the key (\/root\/.ssh\/id_dsa):\u00a0 # just press Enter to accept the default, or choose where you want to store it\r\nCreated 
directory '\/root\/.ssh'.\r\nEnter passphrase (empty for no passphrase):\u00a0 # enter a passphrase for the key\r\nEnter same passphrase again:\u00a0\u00a0\u00a0\u00a0 # enter the key passphrase again\r\nYour identification has been saved in \/root\/.ssh\/id_dsa.\r\nYour public key has been saved in \/root\/.ssh\/id_dsa.pub.\r\nThe key fingerprint is:\r\n11:d6:63:26:84:fc:4f:6d:c3:9a:fa:50:ff:08:f4:0b root@leaf\r\nThe key's randomart image is:\r\n+--&#x5B; DSA 1024]----+\r\n|\u00a0\u00a0\u00a0\u00a0 . o+.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n|\u00a0\u00a0\u00a0\u00a0\u00a0 o...=\u00a0\u00a0\u00a0\u00a0\u00a0 |\r\n|\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ..+ +\u00a0\u00a0\u00a0\u00a0 |\r\n|\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ... =\u00a0\u00a0\u00a0 |\r\n|\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Soo+ .\u00a0\u00a0 |\r\n|\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 o+o\u00a0\u00a0\u00a0\u00a0 |\r\n|\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ..E o\u00a0\u00a0\u00a0 |\r\n|\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 .. o +\u00a0\u00a0 |\r\n|\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 .. 
o .\u00a0 |\r\n+-----------------+\r\nleaf# ll \/root\/\u00a0 # check whether the .ssh directory was created under root's home directory\r\ntotal 16\r\n-rw-r--r--\u00a0 2 root\u00a0 wheel\u00a0\u00a0 812 Mar\u00a0 9 06:53 .cshrc\r\n-rw-------\u00a0 1 root\u00a0 wheel\u00a0 2369 Mar 10 07:26 .history\r\n-rw-r--r--\u00a0 1 root\u00a0 wheel\u00a0\u00a0 155 Nov 21 22:57 .k5login\r\n-rw-r--r--\u00a0 1 root\u00a0 wheel\u00a0\u00a0 303 Nov 21 22:57 .login\r\n-rw-------\u00a0 1 root\u00a0 wheel\u00a0\u00a0 332 Feb\u00a0 4 00:55 .mysql_history\r\n-rw-r--r--\u00a0 2 root\u00a0 wheel\u00a0\u00a0 265 Nov 21 22:57 .profile\r\ndrwx------\u00a0 2 root\u00a0 wheel\u00a0\u00a0 512 Mar 12 06:37 .ssh\r\nleaf# ll \/root\/.ssh\/\u00a0 # check that the .ssh directory contains the two files id_dsa and id_dsa.pub\r\ntotal 4\r\n-rw-------\u00a0 1 root\u00a0 wheel\u00a0 736 Mar 12 06:37 id_dsa\u00a0\u00a0\u00a0\u00a0\u00a0 # confirms the private key has been created\r\n-rw-r--r--\u00a0 1 root\u00a0 wheel\u00a0 603 Mar 12 06:37 id_dsa.pub\u00a0 # confirms the public key has been created\r\n\r\nNext, download the id_dsa file and configure it in the corresponding user's SSH login software. Remember to delete the id_dsa file once you have finished downloading it!\r\nRun the following:\r\nleaf# rm -r id_dsa\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>First, locate the system's \/etc\/ssh\/sshd_co&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"http:\/\/www.kiccleaf.com\/?p=47\">Continue reading<span class=\"screen-reader-text\">FreeBSD 
8.2: Configuring SSH Key Login<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":4,"footnotes":""},"categories":[6],"tags":[8,10,9],"class_list":["post-47","post","type-post","status-publish","format-standard","hentry","category-freebsd","tag-freebsd","tag-key","tag-ssh","entry"],"views":4259,"_links":{"self":[{"href":"http:\/\/www.kiccleaf.com\/index.php?rest_route=\/wp\/v2\/posts\/47","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.kiccleaf.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.kiccleaf.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.kiccleaf.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.kiccleaf.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=47"}],"version-history":[{"count":0,"href":"http:\/\/www.kiccleaf.com\/index.php?rest_route=\/wp\/v2\/posts\/47\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.kiccleaf.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=47"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.kiccleaf.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=47"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.kiccleaf.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=47"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}