For the sake of server and user security, password authentication for users is disabled and the key-based method is used instead.
- Last login: Fri Oct 12 14:14:01 2012 from 192.168.7.20.
- root@Cacti.Nagios: [/root] vi /etc/ssh/sshd_config
- # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
-
- # This is the sshd server system-wide configuration file. See
- # sshd_config(5) for more information.
-
- # This sshd was compiled with PATH=/usr/local/bin:/usr/bin
-
- # The strategy used for options in the default sshd_config shipped with
- # OpenSSH is to specify options with their default value where
- # possible, but leave them commented. Uncommented options change a
- # default value.
-
- # Port 22
- # AddressFamily any
- # ListenAddress 0.0.0.0
- # ListenAddress ::
-
- # Disable legacy (protocol version 1) support in the server for new
- # installations. In future the default will change to require explicit
- # activation of protocol 1
- Protocol 2    <-- changed to this value: only SSH2 is used
-
- # HostKey for protocol version 1
- # HostKey /etc/ssh/ssh_host_key
- # HostKeys for protocol version 2
- # HostKey /etc/ssh/ssh_host_rsa_key
- # HostKey /etc/ssh/ssh_host_dsa_key
-
- # Lifetime and size of ephemeral version 1 server key
- # KeyRegenerationInterval 1h
- # ServerKeyBits 1024
-
- # Logging
- # Obsoletes QuietMode and FascistLogging
- # SyslogFacility AUTH
- SyslogFacility AUTHPRIV
- # LogLevel INFO
-
- # Authentication:
-
- # LoginGraceTime 2m
- # PermitRootLogin yes
- PermitRootLogin no    <-- changed to this value: root is not allowed to log in
- # StrictModes yes
- # MaxAuthTries 6
- # MaxSessions 10
-
- # RSAAuthentication yes
- # PubkeyAuthentication yes
- # AuthorizedKeysFile .ssh/authorized_keys
- # AuthorizedKeysCommand none
- # AuthorizedKeysCommandRunAs nobody
-
- # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
- # RhostsRSAAuthentication no
- # similar for protocol version 2
- # HostbasedAuthentication no
- # Change to yes if you don't trust ~/.ssh/known_hosts for
- # RhostsRSAAuthentication and HostbasedAuthentication
- # IgnoreUserKnownHosts no
- # Don't read the user's ~/.rhosts and ~/.shosts files
- # IgnoreRhosts yes
- # IgnoreRhosts yes
-
- # To disable tunneled clear text passwords, change to no here!
- # PasswordAuthentication yes
- PasswordAuthentication no    <-- changed to this value: logging in with a password is not allowed
- # PermitEmptyPasswords no
- PermitEmptyPasswords no    <-- changed to this value: logging in with an empty password is not allowed
- "/etc/ssh/sshd_config" 141L, 3941C written
- root@Cacti.Nagios: [/root] vi /etc/hosts.deny    <-- edit the blocking rules: add a line at the end of the file
- #
- # hosts.deny This file contains access rules which are used to
- # deny connections to network services that either use
- # the tcp_wrappers library or that have been
- # started through a tcp_wrappers-enabled xinetd.
- #
- # The rules in this file can also be set up in
- # /etc/hosts.allow with a 'deny' option instead.
- #
- # See 'man 5 hosts_options' and 'man 5 hosts_access'
- # for information on rule syntax.
- # See 'man tcpd' for information on tcp_wrappers
- #
- sshd: ALL    <-- add this line to block ssh connection requests from all clients
- "/etc/hosts.deny" 14L, 469C written
- You have new mail in /var/spool/mail/root
- root@Cacti.Nagios: [/root] vi /etc/hosts.allow    <-- edit the allow rules: add a line at the end of the file
- #
- # hosts.allow This file contains access rules which are used to
- # allow or deny connections to network services that
- # either use the tcp_wrappers library or that have been
- # started through a tcp_wrappers-enabled xinetd.
- #
- # See 'man 5 hosts_options' and 'man 5 hosts_access'
- # for information on rule syntax.
- # See 'man tcpd' for information on tcp_wrappers
- #
- sshd: 192.168.7.    <-- only machines on the 192.168.7. network segment are allowed to log in over ssh
- ~
- ~
- ~
- "/etc/hosts.allow" 11L, Objective C written
-
- root@Cacti.Nagios: [/root] su - admin
- admin@Cacti.Nagios: [/data] ssh-keygen -t rsa
- Generating public/private rsa key pair.
- Enter file in which to save the key (/data/.ssh/id_rsa):
- Created directory '/data/.ssh'.
- Enter passphrase (empty for no passphrase):
- Enter same passphrase again:
- Your identification has been saved in /data/.ssh/id_rsa.
- Your public key has been saved in /data/.ssh/id_rsa.pub.
- The key fingerprint is:
- e5:15:ba:be:59:ef:2e:74:df:b6:ee:e1:6a:24:be:da admin@Cacti.Nagios
- The key's randomart image is:
- +--[ RSA 2048]----+
- |. |
- |... |
- | O. |
- | O |
- | S o |
- | ...... |
- | O. +. o. |
- |. =. O. = |
- |. + Eo = B *. |
- +-----------------+
- admin@Cacti.Nagios: [/data] ls -a
- . .. .bash_history .bash_logout .bash_profile .bashrc lost+found .ssh .viminfo
- admin@Cacti.Nagios: [/data] cd .ssh/
- admin@Cacti.Nagios: [/data/.ssh] ll
- total 8
- -rw------- 1 admin 1751 Oct 12 id_rsa
- -rw-r--r-- 1 admin 401 Oct 12 id_rsa.pub
- admin@Cacti.Nagios: [/data/.ssh] cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
- admin@Cacti.Nagios: [/data/.ssh] ls -a
- . .. authorized_keys id_rsa id_rsa.pub
- admin@Cacti.Nagios: [/data/.ssh] chmod 400 authorized_keys
- admin@Cacti.Nagios: [/data/.ssh] ll -a
- total 20
- drwx------ 2 admin 4096 Oct 12 .
- drwxr-xr-x 4 admin 4096 Oct 12 ..
- -r-------- 1 admin 401 Oct 12 authorized_keys
- -rw------- 1 admin 1751 Oct 12 id_rsa
- -rw-r--r-- 1 admin 401 Oct 12 id_rsa.pub
-
- Now export the private key id_rsa to the Windows client, then delete the generated public key id_rsa.pub.
- Restart the sshd service to make the configuration changes take effect.
- root@Cacti.Nagios: [/root] /etc/rc.d/init.d/sshd restart
- Stopping sshd: [ OK ]
- Starting sshd: [ OK ]
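
The four directives changed in sshd_config above can be checked mechanically before sshd is restarted. The script below is an added example, not part of the original post: the function names and the sample file are constructed, it assumes whitespace-separated `Keyword value` lines, and it inspects only the global section (before any `Match` block).

```sh
#!/bin/sh
# Added example: audit an sshd_config for the four settings changed above.
# sshd uses the FIRST uncommented occurrence of a keyword, keywords are
# case-insensitive, and commented defaults ("# PasswordAuthentication yes")
# do not count as settings.

# effective_value FILE KEYWORD -> prints the first uncommented value, lowercased
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        tolower($1) == "match" { exit }      # global section only (assumption)
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE -> prints one line per finding,
# returns the number of findings (0 means all four settings are in place)
audit_sshd_config() {
    findings=0
    for pair in protocol=2 permitrootlogin=no \
                passwordauthentication=no permitemptypasswords=no; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: expected '$want', found '${got:-<not set>}'"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: password logins are still enabled here, because the
# first uncommented PasswordAuthentication line wins over the later "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# PasswordAuthentication no
Protocol 2
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
EOF
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a live host, `sshd -t` additionally checks the file for syntax errors, which is worth running before the restart so that a typo does not lock out the only remaining login method.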