1 |
$ cat sshd_config |
2 |
|
3 |
# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $ |
4 |
|
5 |
# This is the sshd server system-wide configuration file. See |
6 |
# sshd_config(5) for more information. |
7 |
|
8 |
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin |
9 |
|
10 |
# The strategy used for options in the default sshd_config shipped with |
11 |
# OpenSSH is to specify options with their default value where |
12 |
# possible, but leave them commented. Uncommented options change a |
13 |
# default value. |
14 |
|
15 |
# Non-default listening port (sshd's built-in default is 22), so every client
# has to name the port explicitly, as the `ssh ... -p 225` call quoted later
# on this page does.
Port 225 |
16 |
# Only SSH protocol 2 is accepted; the protocol-version-1 host key and
# ephemeral server key settings further down therefore do not come into play.
Protocol 2 |
17 |
#AddressFamily any |
18 |
#ListenAddress 0.0.0.0 |
19 |
#ListenAddress :: |
20 |
|
21 |
# HostKey for protocol version 1 |
22 |
#HostKey /etc/ssh/ssh_host_key |
23 |
# HostKeys for protocol version 2 |
24 |
#HostKey /etc/ssh/ssh_host_rsa_key |
25 |
#HostKey /etc/ssh/ssh_host_dsa_key |
26 |
|
27 |
# Lifetime and size of ephemeral version 1 server key |
28 |
#KeyRegenerationInterval 1h |
29 |
#ServerKeyBits 768 |
30 |
|
31 |
# Logging |
32 |
# obsoletes QuietMode and FascistLogging |
33 |
#SyslogFacility AUTH |
34 |
#LogLevel INFO |
35 |
|
36 |
# Authentication: |
37 |
|
38 |
#LoginGraceTime 2m |
39 |
# Root is refused over SSH regardless of authentication method.
PermitRootLogin no |
40 |
#StrictModes yes |
41 |
#MaxAuthTries 6 |
42 |
|
43 |
#RSAAuthentication yes |
44 |
#PubkeyAuthentication yes |
45 |
#AuthorizedKeysFile .ssh/authorized_keys |
46 |
|
47 |
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts |
48 |
#RhostsRSAAuthentication no |
49 |
# similar for protocol version 2 |
50 |
#HostbasedAuthentication no |
51 |
# Change to yes if you don't trust ~/.ssh/known_hosts for |
52 |
# RhostsRSAAuthentication and HostbasedAuthentication |
53 |
#IgnoreUserKnownHosts no |
54 |
# Don't read the user's ~/.rhosts and ~/.shosts files |
55 |
#IgnoreRhosts yes |
56 |
|
57 |
# To disable tunneled clear text passwords, change to no here! |
58 |
# Password logins are off, so a client needs a private key whose public half
# is listed in the account's AuthorizedKeysFile (.ssh/authorized_keys per the
# commented default above).
# NOTE(review): the client trace quoted later on this page reports every
# identity file as "type -1" and the server offers only publickey - presumably
# no usable key pair exists on the client side; confirm before changing
# anything on the server.
PasswordAuthentication no |
59 |
#PermitEmptyPasswords no |
60 |
|
61 |
# Change to no to disable s/key passwords |
62 |
#ChallengeResponseAuthentication yes |
63 |
|
64 |
# Kerberos options |
65 |
#KerberosAuthentication no |
66 |
#KerberosOrLocalPasswd yes |
67 |
#KerberosTicketCleanup yes |
68 |
#KerberosGetAFSToken no |
69 |
|
70 |
# GSSAPI options |
71 |
#GSSAPIAuthentication no |
72 |
#GSSAPICleanupCredentials yes |
73 |
|
74 |
# Set this to 'yes' to enable PAM authentication, account processing, |
75 |
# and session processing. If this is enabled, PAM authentication will |
76 |
# be allowed through the ChallengeResponseAuthentication and |
77 |
# PasswordAuthentication. Depending on your PAM configuration, |
78 |
# PAM authentication via ChallengeResponseAuthentication may bypass |
79 |
# the setting of "PermitRootLogin without-password". |
80 |
# If you just want the PAM account and session checks to run without |
81 |
# PAM authentication, then enable this but set PasswordAuthentication |
82 |
# and ChallengeResponseAuthentication to 'no'. |
83 |
# PAM is switched off: no PAM authentication and, per the comment block above,
# no PAM account or session processing either.
# NOTE(review): ChallengeResponseAuthentication is left at its commented
# default (yes). If UsePAM is ever enabled, set it to no explicitly; otherwise
# PAM authentication would be allowed through it despite
# PasswordAuthentication no, as the comment block above warns.
UsePAM no |
84 |
|
85 |
#AllowTcpForwarding yes |
86 |
#GatewayPorts no |
87 |
#X11Forwarding no |
88 |
#X11DisplayOffset 10 |
89 |
#X11UseLocalhost yes |
90 |
#PrintMotd yes |
91 |
#PrintLastLog yes |
92 |
#TCPKeepAlive yes |
93 |
#UseLogin no |
94 |
#UsePrivilegeSeparation yes |
95 |
#PermitUserEnvironment no |
96 |
#Compression delayed |
97 |
#ClientAliveInterval 0 |
98 |
#ClientAliveCountMax 3 |
99 |
# Turns off sshd's lookup of the client's host name and the check that the
# name maps back to the connecting address.
# NOTE(review): the server log quoted later on this page still reports a
# failed "reverse mapping checking getaddrinfo", which this setting would
# presumably suppress - confirm that the running sshd was restarted with
# this file and is not reading a different configuration.
UseDNS no |
100 |
#PidFile /var/run/sshd.pid |
101 |
#MaxStartups 10 |
102 |
#PermitTunnel no |
103 |
|
104 |
# no default banner path |
105 |
#Banner /some/path |
106 |
|
107 |
# override default of no subsystems |
108 |
# SFTP requests are handed to the external sftp-server helper at this path.
# Leave the line out if file transfer over SSH is not needed on this host.
Subsystem sftp /usr/lib64/misc/sftp-server |
109 |
|
110 |
# Example of overriding settings on a per-user basis |
111 |
#Match User anoncvs |
112 |
# X11Forwarding no |
113 |
# AllowTcpForwarding no |
114 |
# ForceCommand cvs server |
115 |
|
116 |
|
117 |
vt |
118 |
2007. március 13. dátummal Aleph ezt írta: |
119 |
> A baj az, hogy a jelszavas azonosítás nincs engedélyezve, de elvárja. Ezért |
120 |
> a public-key sikeressége után elutasít. Ha minden igaz, akkor a |
121 |
> configfile-ban nincs kommentelve a pam-ot engedélyező sor. |
122 |
> |
123 |
> Aleph |
124 |
> |
125 |
> 2007/3/13, cjvt <cjvt@××××××××.hu>: |
126 |
> > udv Mindenki, |
127 |
> > |
128 |
> > Van egy olyan problemam, hogy nem tudom mi okbol, de az sshd eltanacsol: |
129 |
> > |
130 |
> > Ha a kliensen (ubuntu - 192.168.1.1) probalkozom, ez az eredmeny: |
131 |
> > |
132 |
> > $ ssh user@192.168.1.50 -p 225 -v |
133 |
> > |
134 |
> > OpenSSH_4.3p2 Debian-5ubuntu1, OpenSSL 0.9.8b 04 May 2006 |
135 |
> > debug1: Reading configuration data /etc/ssh/ssh_config |
136 |
> > debug1: Applying options for * |
137 |
> > debug1: Connecting to 192.168.1.50 [192.168.1.50] port 225. |
138 |
> > debug1: Connection established. |
139 |
> > debug1: identity file /home/user/.ssh/identity type -1 |
140 |
> > debug1: identity file /home/user/.ssh/id_rsa type -1 |
141 |
> > debug1: identity file /home/user/.ssh/id_dsa type -1 |
142 |
> > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6 |
143 |
> > debug1: match: OpenSSH_4.6 pat OpenSSH* |
144 |
> > debug1: Enabling compatibility mode for protocol 2.0 |
145 |
> > debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-5ubuntu1 |
146 |
> > debug1: SSH2_MSG_KEXINIT sent |
147 |
> > debug1: SSH2_MSG_KEXINIT received |
148 |
> > debug1: kex: server->client aes128-cbc hmac-md5 none |
149 |
> > debug1: kex: client->server aes128-cbc hmac-md5 none |
150 |
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent |
151 |
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP |
152 |
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent |
153 |
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY |
154 |
> > debug1: Host '192.168.1.50' is known and matches the RSA host key. |
155 |
> > debug1: Found key in /home/user/.ssh/known_hosts:1 |
156 |
> > debug1: ssh_rsa_verify: signature correct |
157 |
> > debug1: SSH2_MSG_NEWKEYS sent |
158 |
> > debug1: expecting SSH2_MSG_NEWKEYS |
159 |
> > debug1: SSH2_MSG_NEWKEYS received |
160 |
> > debug1: SSH2_MSG_SERVICE_REQUEST sent |
161 |
> > debug1: SSH2_MSG_SERVICE_ACCEPT received |
162 |
> > debug1: Authentications that can continue: publickey |
163 |
> > debug1: Next authentication method: publickey |
164 |
> > debug1: Trying private key: /home/user/.ssh/identity |
165 |
> > debug1: Trying private key: /home/user/.ssh/id_rsa |
166 |
> > debug1: Trying private key: /home/user/.ssh/id_dsa |
167 |
> > debug1: No more authentication methods to try. |
168 |
> > Permission denied (publickey). |
169 |
> > |
170 |
> > |
171 |
> > a szerver (gentoo - 192.168.1.50) ugyanakkor ezt mondja a lognak: |
172 |
> > |
173 |
> > |
174 |
> > reverse mapping checking getaddrinfo for server [192.168.1.1] failed - |
175 |
> > POSSIBLE BREAK-IN ATTEMPT! |
176 |
> > |
177 |
> > valaki tudja, mit editaltam tonkre? ;) |
178 |
> > |
179 |
> > vt |
180 |
> > -- |
181 |
> > gentoo-user-hu@g.o mailing list |
182 |
|
183 |
|
184 |
-- |
185 |
gentoo-user-hu@g.o mailing list |