FreeBSD开启SSH远程登录

FreeBSD开启SSH远程登录
 

1、安装时选择上SSH,或者源码安装SSH
2、使用root登陆系统
3、使用ee编辑器编辑/etc/inetd.conf,去掉ssh前的#,按ctrl+c,再输入exit保存退出
4、编辑/etc/rc.conf,添加一行sshd_enable="YES"
5、编辑/etc/ssh/sshd_config,将
#PermitRootLogin no改为PermitRootLogin yes  //允许root登陆
#PasswordAuthentication no改为PasswordAuthentication yes//使用系统PAM认证
#PermitEmptyPasswords no改为PermitEmptyPasswords no//不允许空密码

保存退出
6、启动SSHD服务,/etc/rc.d/sshd start
7、查看服务是否启动,netstat -an,如果看到22端口有监听,恭喜!!!
8、准备好你的账号和ssh客户端登录吧!

下面是相应的配置文件:

inetd.conf

..............................................................

# $FreeBSD: release/9.0.0/etc/inetd.conf 206039 2010-04-01 13:13:09Z des $
#
# Internet server configuration database
#
# Define *both* IPv4 and IPv6 entries for dual-stack support.
# To disable a service, comment it out by prefixing the line with '#'.
# To enable a service, remove the '#' at the beginning of the line.
#
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
ssh stream tcp nowait root /usr/sbin/sshd  sshd -i -4
#ssh stream tcp6 nowait root /usr/sbin/sshd  sshd -i -6
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
#shell stream tcp nowait root /usr/libexec/rshd rshd
#shell stream tcp6 nowait root /usr/libexec/rshd rshd
#login stream tcp nowait root /usr/libexec/rlogind rlogind
#login stream tcp6 nowait root /usr/libexec/rlogind rlogind
#finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s
#finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s
#
# run comsat as root to be able to print partial mailbox contents w/ biff,
# or use the safer tty:tty to just print that new mail has been received.
#comsat dgram udp wait tty:tty /usr/libexec/comsat comsat
#
# ntalk is required for the 'talk' utility to work correctly
#ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
#tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
#tftp dgram udp6 wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
#bootps dgram udp wait root /usr/libexec/bootpd bootpd
#
# "Small servers" -- used to be standard on, but we're more conservative
# about things due to Internet security concerns.  Only turn on what you
# need.
#
#daytime stream tcp nowait root internal
#daytime stream tcp6 nowait root internal
#daytime dgram udp wait root internal
#daytime dgram udp6 wait root internal
#time stream tcp nowait root internal
#time stream tcp6 nowait root internal
#time  dgram udp wait root internal
#time  dgram udp6 wait root internal
#echo stream tcp nowait root internal
#echo stream tcp6 nowait root internal
#echo dgram udp wait root internal
#echo dgram udp6 wait root internal
#discard stream tcp nowait root internal
#discard stream tcp6 nowait root internal
#discard dgram udp wait root internal
#discard dgram udp6 wait root internal
#chargen stream tcp nowait root internal
#chargen stream tcp6 nowait root internal
#chargen dgram udp wait root internal
#chargen dgram udp6 wait root internal
#
# CVS servers - for master CVS repositories only!  You must set the
# --allow-root path correctly or you open a trivial to exploit but
# deadly security hole.
#
#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here pserver
#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here kserver
#
# RPC based services (you MUST have rpcbind running to use these)
#
#rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd  rpc.rstatd
#rusersd/1-2 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd
#walld/1 dgram rpc/udp wait root /usr/libexec/rpc.rwalld  rpc.rwalld
#pcnfsd/1-2 dgram rpc/udp wait root /usr/local/libexec/rpc.pcnfsd  rpc.pcnfsd
#rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad
#sprayd/1 dgram rpc/udp wait root /usr/libexec/rpc.sprayd  rpc.sprayd
#
# example entry for the optional pop3 server
#
#pop3 stream tcp nowait root /usr/local/libexec/popper popper
#
# example entry for the optional imap4 server
#
#imap4 stream tcp nowait root /usr/local/libexec/imapd imapd
#
# example entry for the optional nntp server
#
#nntp stream tcp nowait news /usr/local/libexec/nntpd nntpd
#
# example entry for the optional uucpd server
#
#uucpd stream tcp nowait root /usr/local/libexec/uucpd uucpd
#
# Return error for all "ident" requests
#
#auth stream tcp nowait root internal
#auth stream tcp6 nowait root internal
#
# Provide internally a real "ident" service which provides ~/.fakeid support,
# provides ~/.noident support, reports UNKNOWN as the operating system type
# and times out after 30 seconds.
#
#auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30
#auth stream tcp6 nowait root internal auth -r -f -n -o UNKNOWN -t 30
#
# Example entry for an external ident server
#
#auth stream tcp wait root /usr/local/sbin/identd identd -w -t120
#
# Example entry for the optional qmail MTA
#  NOTE: This is no longer the correct way to handle incoming SMTP
#        connections for qmail.  Use tcpserver (http://cr.yp.to/ucspi-tcp.html)
#        instead.
#
#smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd
#
# Enable the following two entries to enable samba startup from inetd
# (from the Samba documentation).  Enable the third entry to enable the swat
# samba configuration tool.
#
#netbios-ssn stream tcp nowait  root /usr/local/sbin/smbd smbd
#netbios-ns dgram udp wait  root /usr/local/sbin/nmbd nmbd
#swat stream tcp nowait/400 root /usr/local/sbin/swat swat

sshd_config

.............................................................

 $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
# $FreeBSD: release/9.0.0/crypto/openssh/sshd_config 224638 2011-08-03 19:14:22Z brooks $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20110503

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# Disable HPN tuning improvements.
#HPNDisabled no

# Buffer size for HPN to non-HPN connections.
#HPNBufferSize 2048

# TCP receive socket buffer polling for HPN.  Disable on non autotuning kernels.
#TcpRcvBufPoll yes

# Allow the use of the NONE cipher.
#NoneEnabled no

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

rc.conf

.............................................................

hostname="freebsd"
ifconfig_em0="DHCP"
sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"

本文出自 “dsafsa_技术博客” 博客,转载请与作者联系!

你可能感兴趣的:(ssh,远程登录,freebsdl)