亚洲欧美精品沙发,日韩在线精品视频,亚洲Av每日更新在线观看,亚洲国产另类一区在线5

<pre id="hdphd"></pre>

  • <div id="hdphd"><small id="hdphd"></small></div>
      學(xué)習(xí)啦>學(xué)習(xí)電腦>選購(gòu)與維護(hù)>電腦組裝教程>

      配置Solaris允許SSH遠(yuǎn)程登錄

      時(shí)間: 林澤1002 分享

        Oracle Solaris 10操作系統(tǒng)安裝完成后,默認(rèn)配置下,不允許root通過(guò)SSH登錄系統(tǒng)。下面是學(xué)習(xí)啦小編收集整理的配置Solaris允許SSH遠(yuǎn)程登錄,希望對(duì)大家有幫助~~

        配置Solaris允許SSH遠(yuǎn)程登錄

        工具/原料

        Solaris 10

        方法/步驟

        1) 配置/etc/ssh/sshd_config的PermitRootLogin參數(shù)

        #

        # gedit /etc/ssh/sshd_config

        # cat /etc/ssh/sshd_config

        # Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.

        #

        # ident "@(#)sshd_config 1.10 10/10/19 SMI"

        #

        # Configuration file for sshd(1m)

        # Protocol versions supported

        #

        # The sshd shipped in this release of Solaris has support for major versions

        # 1 and 2. It is recommended due to security weaknesses in the v1 protocol

        # that sites run only v2 if possible. Support for v1 is provided to help sites

        # with existing ssh v1 clients/servers to transition.

        # Support for v1 may not be available in a future release of Solaris.

        #

        # To enable support for v1 an RSA1 key must be created with ssh-keygen(1).

        # RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they

        # do not already exist, RSA1 keys for protocol v1 are not automatically created.

        # Uncomment ONLY ONE of the following Protocol statements.

        # Only v2 (recommended)

        Protocol 2

        # Both v1 and v2 (not recommended)

        #Protocol 2,1

        # Only v1 (not recommended)

        #Protocol 1

        # Listen port (the IANA registered port number for ssh is 22)

        Port 22

        # The default listen address is all interfaces, this may need to be changed

        # if you wish to restrict the interfaces sshd listens on for a multi homed host.

        # Multiple ListenAddress entries are allowed.

        # IPv4 only

        #ListenAddress 0.0.0.0

        # IPv4 & IPv6

        ListenAddress ::

        # Port forwarding

        AllowTcpForwarding no

        # If port forwarding is enabled, specify if the server can bind to INADDR_ANY.

        # This allows the local port forwarding to work when connections are received

        # from any remote host.

        GatewayPorts no

        # X11 tunneling options

        X11Forwarding yes

        X11DisplayOffset 10

        X11UseLocalhost yes

        # The maximum number of concurrent unauthenticated connections to sshd.

        # start:rate:full see sshd(1) for more information.

        # The default is 10 unauthenticated clients.

        #MaxStartups 10:30:60

        # Banner to be printed before authentication starts.

        #Banner /etc/issue

        # Should sshd print the /etc/motd file and check for mail.

        # On Solaris it is assumed that the login shell will do these (eg /etc/profile).

        PrintMotd no

        # KeepAlive specifies whether keep alive messages are sent to the client.

        # See sshd(1) for detailed description of what this means.

        # Note that the client may also be sending keep alive messages to the server.

        KeepAlive yes

        # Syslog facility and level

        SyslogFacility auth

        LogLevel info

        #

        # Authentication configuration

        #

        # Host private key files

        # Must be on a local disk and readable only by the root user (root:sys 600).

        HostKey /etc/ssh/ssh_host_rsa_key

        HostKey /etc/ssh/ssh_host_dsa_key

        # Length of the server key

        # Default 768, Minimum 512

        ServerKeyBits 768

        # sshd regenerates the key every KeyRegenerationInterval seconds.

        # The key is never stored anywhere except the memory of sshd.

        # The default is 1 hour (3600 seconds).

        KeyRegenerationInterval 3600

        # Ensure secure permissions on users .ssh directory.

        StrictModes yes

        # Length of time in seconds before a client that hasn't completed

        # authentication is disconnected.

        # Default is 600 seconds. 0 means no time limit.

        LoginGraceTime 600

        # Maximum number of retries for authentication

        # Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2

        MaxAuthTries 6

        MaxAuthTriesLog 3

        # Are logins to accounts with empty passwords allowed.

        # If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK

        # to pam_authenticate(3PAM).

        PermitEmptyPasswords no

        # To disable tunneled clear text passwords, change PasswordAuthentication to no.

        PasswordAuthentication yes

        # Use PAM via keyboard interactive method for authentication.

        # Depending on the setup of pam.conf(4) this may allow tunneled clear text

        # passwords even when PasswordAuthentication is set to no. This is dependent

        # on what the individual modules request and is out of the control of sshd

        # or the protocol.

        PAMAuthenticationViaKBDInt yes

        # Are root logins permitted using sshd.

        # Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user

        # maybe denied access by a PAM module regardless of this setting.

        # Valid options are yes, without-password, no.

        # PermitRootLogin no

        PermitRootLogin yes

        # sftp subsystem

        Subsystem sftp internal-sftp

        # SSH protocol v1 specific options

        #

        # The following options only apply to the v1 protocol and provide

        # some form of backwards compatibility with the very weak security

        # of /usr/bin/rsh. Their use is not recommended and the functionality

        # will be removed when support for v1 protocol is removed.

        # Should sshd use .rhosts and .shosts for password less authentication.

        IgnoreRhosts yes

        RhostsAuthentication no

        # Rhosts RSA Authentication

        # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.

        # If the user on the client side is not root then this won't work on

        # Solaris since /usr/bin/ssh is not installed setuid.

        RhostsRSAAuthentication no

        # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.

        #IgnoreUserKnownHosts yes

        # Is pure RSA authentication allowed.

        # Default is yes

        RSAAuthentication yes

        2) 重啟SSH服務(wù),使配置生效

        # svcadm restart ssh

        3) 重啟系統(tǒng)

        可能需要重啟Solaris后,root才可以遠(yuǎn)程登錄。

        # reboot

        44) 遠(yuǎn)程登錄

        Last login: Wed Jan 7 17:14:15 2015 from 192.168.137.105

        Oracle Corporation SunOS 5.10 Generic Patch January 2005

      配置遠(yuǎn)程登錄相關(guān)文章:

      1.HCL模擬器如何配置交換機(jī)遠(yuǎn)程登錄

      2.H3C交換機(jī)配置本地登錄和遠(yuǎn)程登錄的用戶(hù)名和密碼教程

      3.如何設(shè)置遠(yuǎn)端WEB管理功能

      4.h3c模擬器器配置telnet遠(yuǎn)程登陸

      5.華為交換機(jī)如何配置telnet登錄設(shè)備

      6.教你Linux的遠(yuǎn)程登錄方法和無(wú)密碼登錄方法

      7.遠(yuǎn)程訪問(wèn)服務(wù)器怎么配置

      2872224