Test environment: Solaris 10 (rsync server), IP 192.168.71.98;
Red Hat 9 (rsync client), IP 192.168.71.178;
rsync-2.6.8 + openssh-4.3p2-sol10-x86-local
Test content: synchronize the files in /root/ on the client with the /src folder on the server.
1) Client configuration (192.168.71.178, Red Hat):
In the home directory of the user to be authorized (root here), run:
ssh-keygen -t rsa -b 2048 -f /root/.ssh/hostkey
If there is no .ssh directory, create one manually. Two files, hostkey and hostkey.pub, are then generated in this directory.
Copy the generated hostkey.pub to the server, because it is used for authentication:
scp /root/.ssh/hostkey.pub 192.168.71.98:/.ssh/
2) Server configuration (192.168.71.98, Solaris 10):
A. In /etc/hosts.allow, add: sshd: 192.168.71.178 to allow the client to log on;
B. In the /.ssh directory, manually create the key file: touch authorized_keys; chmod 600 authorized_keys. Then import the hostkey.pub that was copied from the client with scp: cat hostkey.pub > authorized_keys.
C. Edit the configuration file: vi /etc/ssh/sshd_config
"/etc/ssh/sshd_config" 164 lines, 5276 characters
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)sshd_config 1.8 04/05/10 SMI"
#
# Configuration file for sshd(1m)
# Protocol versions supported
#
# The sshd shipped in this release of Solaris has support for major versions
# 1 and 2. It is recommended due to security weaknesses in the V1 protocol
# that sites run only V2 if possible. Support for V1 is provided to help sites
# with existing SSH V1 clients/servers to transition.
# Support for V1 may not be available in a future release of Solaris.
#
# To enable support for V1 an rsa1 key must be created with ssh-keygen(1).
# RSA and DSA keys for protocol V2 are created by /etc/init.d/sshd if they
# do not already exist, rsa1 keys for protocol V1 are not automatically created.
# Uncomment only one of the following Protocol statements.
# Only V2 (recommended) # disable
#Protocol 2
# Both V1 and V2 (not recommended) # enable. It is recommended to increase compatibility.
Protocol 2,1
# Only V1 (not recommended)
# Protocol 1
# Listen port (the IANA registered port number for SSH is 22)
Port 22
# The default listen address is all interfaces, this may need to be changed
# if you want to restrict the interfaces sshd listens on for a multi homed host.
# Multiple ListenAddress entries are allowed.
# IPv4 only
# ListenAddress 0.0.0.0
# IPv4 & IPv6
ListenAddress ::
# Port forwarding
AllowTcpForwarding no
# If port forwarding is enabled, specify if the server can bind to INADDR_ANY.
# This allows the local port forwarding to work when connections are received
# from any remote host.
GatewayPorts no
# X11 tunneling options
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
# The maximum number of concurrent unauthenticated connections to sshd.
# start:rate:full see sshd(1) for more information.
# The default is 10 unauthenticated clients.
#MaxStartups 10:30:60
# Banner to be printed before authentication starts.
#Banner /etc/issue
# Should sshd print the /etc/motd file and check for mail.
# On Solaris it is assumed that the login shell will do these (eg /etc/profile).
PrintMotd no
# KeepAlive specifies whether keep alive messages are sent to the client.
# See sshd(1) for detailed description of what this means.
# Note that the client may also be sending keep alive messages to the server.
KeepAlive yes
# Syslog facility and level
SyslogFacility auth
LogLevel info
#
# Authentication configuration
#
# Host private key files
# Must be on a local disk and readable only by the root user (root:sys 600).
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Default Encryption algorithms and Message Authentication codes
#Ciphers aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
#MACs hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
# Length of the server key
# Default 768, minimum 512
ServerKeyBits 768
# sshd regenerates the key every KeyRegenerationInterval seconds.
# The key is never stored anywhere except the memory of sshd.
# The default is 1 hour (3600 seconds).
KeyRegenerationInterval 3600
# Ensure secure permissions on users .ssh directory.
StrictModes yes
# Length of time in seconds before a client that hasn't completed
# authentication is disconnected.
# Default is 600 seconds. 0 means no time limit.
LoginGraceTime 600
# Maximum number of retries for authentication
# Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
MaxAuthTries 6
MaxAuthTriesLog 3
# Are logins to accounts with empty passwords allowed.
# If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK
# to pam_authenticate(3PAM).
PermitEmptyPasswords no
# To disable tunneled clear text passwords, change PasswordAuthentication to no.
PasswordAuthentication yes
# Use PAM via keyboard interactive method for authentication.
# Depending on the setup of pam.conf(4) this may allow tunneled clear text
# passwords even when PasswordAuthentication is set to no. This is dependent
# on what the individual modules request and is out of the control of sshd
# or the protocol.
PAMAuthenticationViaKBDInt yes
# Are root logins permitted using sshd.
# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
# may be denied access by a PAM module regardless of this setting.
# Valid options are yes, without-password, no.
PermitRootLogin yes
# Sftp subsystem
Subsystem sftp /usr/lib/ssh/sftp-server
# SSH protocol v1 specific options
#
# The following options only apply to the v1 protocol and provide
# some form of backwards compatibility with the very weak security
# of /usr/bin/rsh. Their use is not recommended and the functionality
# will be removed when support for v1 protocol is removed.
# Should sshd use .rhosts and .shosts for password less authentication.
IgnoreRhosts yes
# Enabled here
RhostsAuthentication yes
# Rhosts RSA Authentication is modified here.
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.
# If the user on the client side is not root then this won't work on
# Solaris since /usr/bin/ssh is not installed setuid.
# Enabled here
RhostsRSAAuthentication yes
# Add this line; it is the essential setting
AuthorizedKeysFile .ssh/authorized_keys
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
#IgnoreUserKnownHosts yes
# Is pure RSA authentication allowed.
# Default is yes
# Enabled here
RSAAuthentication yes
ChRootGroups sftp,guest
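An added example (not part of the original page or of the Solaris distribution): a shell function that flags the settings in the file above that the file's own comments advise against, which matters here because the only login this setup needs is root's key. The function name, the finding texts and the sample excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sshd_config values that the file's own comments warn about.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_sshd_config() {
    awk '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
        key = tolower($1); val = tolower($2)
        if (key in seen) next            # OpenSSH keeps the first value given
        seen[key] = 1
        why = ""
        if (key == "protocol" && ("," val ",") ~ /,1,/)
            why = "SSH v1 is enabled; the file recommends v2 only"
        else if ((key == "rhostsauthentication" || key == "rhostsrsaauthentication") && val == "yes")
            why = "v1 rhosts-style trust, which the file advises against"
        else if (key == "passwordauthentication" && val == "yes")
            why = "passwords are still accepted alongside the key"
        else if (key == "permitrootlogin" && val == "yes")
            why = "root may log in with a password; without-password disables that"
        if (why != "") { printf "%s %s: %s\n", $1, $2, why; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed excerpt holding the values this page sets.
sample_config() {
    cat <<'EOF'
Protocol 2,1
PasswordAuthentication yes
PermitRootLogin yes
RhostsAuthentication yes
RhostsRSAAuthentication yes
RSAAuthentication yes
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd_config "$tmp" || echo "review the settings listed above"
rm -f "$tmp"
```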
Test:
On the client: rsync -avz -e "ssh -i /root/.ssh/hostkey" /root/ 192.168.71.98:/src
building file list ... done
./
.Xresources
.bash_history
.bash_logout
.bash_profile
.bashrc
.cshrc
.tcshrc
anaconda-ks.cfg
format.dat
install.log
install.log.syslog
test
.gconfd/
.ssh/
.ssh/hostkey
.ssh/hostkey.pub
.ssh/known_hosts
MNT/
MNT/34344.c
MNT/ABC.c
MNT/dsdw.c
MNT/format.dat
MNT/password.pas
MNT/test/
MNT/test/123.c
MNT/test/ewrwe.c
MNT/test/sdfsdfsd.c
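An added example, not from the original page: the key installed above logs in as root, so the server can tie it to this one rsync job with a forced command in authorized_keys. The function below is the check such a wrapper would apply to SSH_ORIGINAL_COMMAND, narrowed to the push into /src that this page runs; the wrapper path /usr/local/bin/rsync-only and the sample commands are assumptions.

```shell
#!/bin/sh
# Added example: validate the command an rsync client asks the server to run.
# Intended use (assumed wrapper path), as one line in /.ssh/authorized_keys:
#   from="192.168.71.178",command="/usr/local/bin/rsync-only",no-pty,
#   no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...
# Returns 0 only for the shape "rsync --server -<flags> . /src[/subpath]".
allow_rsync_push() {
    cmd=$1
    case $cmd in
        *[!A-Za-z0-9\ ._/-]*) return 1 ;;    # metacharacters, quotes, newlines
        *..*) return 1 ;;                    # parent-directory components
        "rsync --server -"*" . /"*) ;;       # expected overall shape
        *) return 1 ;;
    esac
    rest=${cmd#"rsync --server "}
    flags=${rest%%" . "*}                    # option text before the first " . "
    dest=${rest#*" . "}                      # path text after the first " . "
    # Exactly one short-option cluster: rejects --sender and other long options.
    case $flags in -*[!A-Za-z.]*|--*) return 1 ;; esac
    case $dest in
        *" "*) return 1 ;;                   # a second path argument
        /src|/src/*) return 0 ;;
    esac
    return 1
}

# In the wrapper itself (not run here), the check gates the exec:
#   allow_rsync_push "$SSH_ORIGINAL_COMMAND" && exec $SSH_ORIGINAL_COMMAND
#   logger -p auth.warning "rsync-only: rejected: $SSH_ORIGINAL_COMMAND"; exit 1

# Constructed samples; the first has the shape a push with -avz requests.
for c in "rsync --server -vlogDtprz . /src" \
         "rsync --server --sender -vlogDtprz . /src/" \
         "rsync --server -vlogDtprz . /src/../etc" \
         "rsync --server -vlogDtprz . /etc /src" \
         "uname -a"; do
    if allow_rsync_push "$c"; then echo "allow: $c"; else echo "deny:  $c"; fi
done
```

Only the first sample is allowed; a pull (--sender), a path outside /src, an extra path argument and any non-rsync command are denied.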