配置Solaris允許SSH遠程登錄

　　Oracle Solaris 10操作系統安裝完成后，默認配置下，不允許root通過SSH登錄系統。下面是學習啦小編收集整理的配置Solaris允許SSH遠程登錄，希望對大家有幫助~~

　　配置Solaris允許SSH遠程登錄

　　工具/原料

　　Solaris 10

　　方法/步驟

　　1) 配置/etc/ssh/sshd_config的PermitRootLogin參數

　　#

　　# gedit /etc/ssh/sshd_config

　　# cat /etc/ssh/sshd_config

　　# Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.

　　#

　　# ident "@(#)sshd_config 1.10 10/10/19 SMI"

　　#

　　# Configuration file for sshd(1m)

　　# Protocol versions supported

　　#

　　# The sshd shipped in this release of Solaris has support for major versions

　　# 1 and 2. It is recommended due to security weaknesses in the v1 protocol

　　# that sites run only v2 if possible. Support for v1 is provided to help sites

　　# with existing ssh v1 clients/servers to transition.

　　# Support for v1 may not be available in a future release of Solaris.

　　#

　　# To enable support for v1 an RSA1 key must be created with ssh-keygen(1).

　　# RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they

　　# do not already exist, RSA1 keys for protocol v1 are not automatically created.

　　# Uncomment ONLY ONE of the following Protocol statements.

　　# Only v2 (recommended)

　　Protocol 2

　　# Both v1 and v2 (not recommended)

　　#Protocol 2,1

　　# Only v1 (not recommended)

　　#Protocol 1

　　# Listen port (the IANA registered port number for ssh is 22)

　　Port 22

　　# The default listen address is all interfaces, this may need to be changed

　　# if you wish to restrict the interfaces sshd listens on for a multi homed host.

　　# Multiple ListenAddress entries are allowed.

　　# IPv4 only

　　#ListenAddress 0.0.0.0

　　# IPv4 & IPv6

　　ListenAddress ::

　　# Port forwarding

　　AllowTcpForwarding no

　　# If port forwarding is enabled, specify if the server can bind to INADDR_ANY.

　　# This allows the local port forwarding to work when connections are received

　　# from any remote host.

　　GatewayPorts no

　　# X11 tunneling options

　　X11Forwarding yes

　　X11DisplayOffset 10

　　X11UseLocalhost yes

　　# The maximum number of concurrent unauthenticated connections to sshd.

　　# start:rate:full see sshd(1) for more information.

　　# The default is 10 unauthenticated clients.

　　#MaxStartups 10:30:60

　　# Banner to be printed before authentication starts.

　　#Banner /etc/issue

　　# Should sshd print the /etc/motd file and check for mail.

　　# On Solaris it is assumed that the login shell will do these (eg /etc/profile).

　　PrintMotd no

　　# KeepAlive specifies whether keep alive messages are sent to the client.

　　# See sshd(1) for detailed description of what this means.

　　# Note that the client may also be sending keep alive messages to the server.

　　KeepAlive yes

　　# Syslog facility and level

　　SyslogFacility auth

　　LogLevel info

　　#

　　# Authentication configuration

　　#

　　# Host private key files

　　# Must be on a local disk and readable only by the root user (root:sys 600).

　　HostKey /etc/ssh/ssh_host_rsa_key

　　HostKey /etc/ssh/ssh_host_dsa_key

　　# Length of the server key

　　# Default 768, Minimum 512

　　ServerKeyBits 768

　　# sshd regenerates the key every KeyRegenerationInterval seconds.

　　# The key is never stored anywhere except the memory of sshd.

　　# The default is 1 hour (3600 seconds).

　　KeyRegenerationInterval 3600

　　# Ensure secure permissions on users .ssh directory.

　　StrictModes yes

　　# Length of time in seconds before a client that hasn't completed

　　# authentication is disconnected.

　　# Default is 600 seconds. 0 means no time limit.

　　LoginGraceTime 600

　　# Maximum number of retries for authentication

　　# Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2

　　MaxAuthTries 6

　　MaxAuthTriesLog 3

　　# Are logins to accounts with empty passwords allowed.

　　# If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK

　　# to pam_authenticate(3PAM).

　　PermitEmptyPasswords no

　　# To disable tunneled clear text passwords, change PasswordAuthentication to no.

　　PasswordAuthentication yes

　　# Use PAM via keyboard interactive method for authentication.

　　# Depending on the setup of pam.conf(4) this may allow tunneled clear text

　　# passwords even when PasswordAuthentication is set to no. This is dependent

　　# on what the individual modules request and is out of the control of sshd

　　# or the protocol.

　　PAMAuthenticationViaKBDInt yes

　　# Are root logins permitted using sshd.

　　# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user

　　# maybe denied access by a PAM module regardless of this setting.

　　# Valid options are yes, without-password, no.

　　# PermitRootLogin no

　　PermitRootLogin yes

　　# sftp subsystem

　　Subsystem sftp internal-sftp

　　# SSH protocol v1 specific options

　　#

　　# The following options only apply to the v1 protocol and provide

　　# some form of backwards compatibility with the very weak security

　　# of /usr/bin/rsh. Their use is not recommended and the functionality

　　# will be removed when support for v1 protocol is removed.

　　# Should sshd use .rhosts and .shosts for password less authentication.

　　IgnoreRhosts yes

　　RhostsAuthentication no

　　# Rhosts RSA Authentication

　　# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.

　　# If the user on the client side is not root then this won't work on

　　# Solaris since /usr/bin/ssh is not installed setuid.

　　RhostsRSAAuthentication no

　　# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.

　　#IgnoreUserKnownHosts yes

　　# Is pure RSA authentication allowed.

　　# Default is yes

　　RSAAuthentication yes

　　2) 重啟SSH服務，使配置生效

　　# svcadm restart ssh

　　3) 重啟系統

　　可能需要重啟Solaris后，root才可以遠程登錄。

　　# reboot

　　44) 遠程登錄

　　Last login: Wed Jan 7 17:14:15 2015 from 192.168.137.105

　　Oracle Corporation SunOS 5.10 Generic Patch January 2005

配置遠程登錄相關文章：

1.HCL模擬器如何配置交換機遠程登錄

2.H3C交換機配置本地登錄和遠程登錄的用戶名和密碼教程

3.如何設置遠端WEB管理功能

4.h3c模擬器器配置telnet遠程登陸

5.華為交換機如何配置telnet登錄設備

6.教你Linux的遠程登錄方法和無密碼登錄方法

7.遠程訪問服務器怎么配置